From: Gallagher, Kevin (K.Gallagher@napier.ac.uk)
Date: Mon Jan 08 2007 - 10:55:17 EST
My Security Manager has reported a lot of port scanning emanating from
my SUN NIS+ Master server, both TCP and UDP. The focus of this scanning
is two SUSE Linux servers, one a web server and the other a data server,
both are VMs. I am running Solaris 7 on the NIS+ Master and Nis-utils
1.4.1 on the SUSE 9.3 Linux servers. Is this normal behaviour given the
OS difference? Is there something I can check to see what is causing
this? I am getting RPC error messages on the Master server talking to
itself.
Message log file entry:
nisd[8631]: RPC ERROR in talking to xxxx.xxx.napier.ac.uk..
The output of ps -lt is supplied
UID PID PPID C STIME TTY TIME CMD
root 0 0 0 Dec 06 ? 0:00 sched
root 1 0 0 Dec 06 ? 0:01 /etc/init -
root 2 0 0 Dec 06 ? 0:00 pageout
root 3 0 0 Dec 06 ? 35:30 fsflush
root 202 1 0 Dec 06 ? 0:00 /usr/lib/utmpd
root 99 1 0 Dec 06 ? 0:00 /usr/sbin/in.routed -q
root 244 1 0 Dec 06 ? 0:00 /usr/lib/saf/sac -t 300
root 49 1 0 Dec 06 ? 0:00 /usr/lib/devfsadm/devfseventd
root 51 1 0 Dec 06 ? 0:00 /usr/lib/devfsadm/devfsadmd
root 105 1 1 Dec 06 ? 169:36 /usr/sbin/rpcbind
root 172 1 0 Dec 06 ? 0:01 /usr/sbin/cron
root 107 1 0 Dec 06 ? 1:59 /usr/sbin/keyserv
root 109 1 1 Dec 06 ? 2:41 /usr/sbin/nis_cachemgr
root 116 114 0 Dec 06 ? 1:19 rpc.nisd_resolv -F -C 4 -p 1073741824 -t udp
root 114 1 2 Dec 06 ? 260:52 /usr/sbin/rpc.nisd -Y -B
root 197 1 0 Dec 06 ? 0:00 /usr/lib/power/powerd
root 273 1 0 Dec 06 console 0:00 /usr/lib/saf/ttymon -g -h -p hades console login: -T sun -d /dev/console -l co
root 151 1 0 Dec 06 ? 0:00 /usr/sbin/inetd -s -t
daemon 147 1 0 Dec 06 ? 0:00 /usr/lib/nfs/statd
root 146 1 0 Dec 06 ? 0:00 /usr/lib/nfs/lockd
root 159 1 1 Dec 06 ? 1:24 /usr/lib/autofs/automountd
root 170 1 0 Dec 06 ? 2:17 /usr/sbin/syslogd
root 189 1 0 Dec 06 ? 0:48 /usr/sbin/nscd
root 206 1 0 Dec 06 ? 0:00 /usr/sbin/vold
root 247 244 0 Dec 06 ? 0:00 /usr/lib/saf/ttymon
root 212 1 0 Dec 06 ? 0:00 /usr/sbin/sshd
root 215 1 0 Dec 06 ? 0:00 /usr/sbin/rpc.nispasswdd -v
root 233 1 0 Dec 06 ? 0:00 /usr/lib/snmp/snmpdx -y -c /etc/snmp/conf
root 250 233 0 Dec 06 ? 13:29 mibiisa -r -p 32917
root 239 1 0 Dec 06 ? 0:00 /usr/lib/dmi/dmispd
root 240 1 0 Dec 06 ? 0:00 /usr/lib/dmi/snmpXdmid -s hades
root 8743 212 0 14:23:49 ? 0:04 /usr/sbin/sshd
keving 8745 8743 0 14:23:54 pts/0 0:00 -tcsh
root 8747 8745 0 14:24:17 pts/0 0:00 -sh
root 8752 8747 0 14:24:30 pts/0 0:01 tcsh
root 8917 8752 1 15:42:45 pts/0 0:00 ps -ef
Kevin Gallagher
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:41:26 EDT