From: Christopher L. Barnard (cbar44@tsg.cbot.com)
Date: Tue May 28 2002 - 09:16:59 EDT
Here are three examples of someone trying to call rpcbind on a server of
mine. In all three cases the IP is not in DNS, so it is most likely a
DHCP wintel box that some developer is using and he or she is not even
aware that it is trying to contact my server. Since I have rpcbind
wrapped on this server the attempt is unsuccessful, but I have to admit
I do not recognize these and I am wondering if anyone else does. Does
anybody recognize callit(), getport(\377\276\330\240), or dump()? And
why would they attempt to get these services(?) from the company mail
gateway?
btw, portal is an Ultra 2 running Solaris 8, and is the company gateway
for mail.
> May 24 16:37:05 portal rpcbind: [ID 884469 local3.warning] refused connect from 164.74.19.26 to callit()
>
> May 25 09:30:16 portal rpcbind: [ID 884469 local3.warning] refused connect from 164.74.16.189 to getport(\377\276\330\240)
>
> May 25 11:21:18 portal rpcbind: [ID 884469 local3.warning] refused connect from 164.74.17.182 to dump()
>
+-----------------------------------------------------------------------+
| Christopher L. Barnard O When I was a boy I was told that |
| cbarnard@tsg.cbot.com / \ anybody could become president. |
| (312) 347-4901 O---O Now I'm beginning to believe it. |
| http://www.cs.uchicago.edu/~cbarnard --Clarence Darrow |
+----------PGP public key available via finger or PGP keyserver---------+
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:24:23 EDT