Netware doing rogue portmap requests?

From: Soeren Ziehe (robintonat_private)
Date: Fri Feb 08 2002 - 03:46:00 PST


    Hello,
    
    I've got a report that one machine is doing portmap requests it
    shouldn't do.
    It's a Netware 4.11 server, which has a Novell unix gateway suite
    installed.
    
    -- sanitized log excerpt from "victim" ---
    
    Jan 21 00:16:10 some-host portmap[15440]: connect from xxx.xxx.xxx.xxx to callit(300055): request from unauthorized host
    Jan 21 00:17:14 some-host portmap[15501]: connect from xxx.xxx.xxx.xxx to callit(300055): request from unauthorized host
    Jan 21 00:18:18 some-host portmap[15566]: connect from xxx.xxx.xxx.xxx to callit(300055): request from unauthorized host
    
    There's about one request per minute and it apparently has been going on  
    for weeks.
    
    There's nothing in the configuration, that I'm aware of, that would
    cause the requests to this particular machine.
    Is anything out there that I should know? That is, is there a known way
    to hijack said Novell unix gateway?
    
    Robinton
    
    P.S.: no packet dumps available at the moment, will try to get them ASAP
    
    -- 
    I've asked for kindness and ultimate truth. Still waiting for the answer.
    -- 
    And that, Wesley, is an airlockkkkkkkkkkkkkkkkkkkkkkkkkk...
    
    



    This archive was generated by hypermail 2b30 : Fri Feb 08 2002 - 09:54:27 PST
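
One way to triage entries like those in the log excerpt above, added here as an example and not part of the original post: group the rejected portmap requests by source, procedure and program number, and flag any source whose requests arrive at a fixed interval, as a timer-driven process would produce. The sample lines, the addresses in them, and the names `summarize`, `year` and `jitter` are assumptions; the format is taken from the unwrapped lines in the post.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample in the format shown in the post (one entry per line).
# 192.0.2.10 and 198.51.100.7 are documentation addresses, not real hosts.
SAMPLE = """\
Jan 21 00:16:10 some-host portmap[15440]: connect from 192.0.2.10 to callit(300055): request from unauthorized host
Jan 21 00:17:14 some-host portmap[15501]: connect from 192.0.2.10 to callit(300055): request from unauthorized host
Jan 21 00:18:18 some-host portmap[15566]: connect from 192.0.2.10 to callit(300055): request from unauthorized host
Jan 21 00:18:40 some-host portmap[15570]: connect from 198.51.100.7 to getport(100003): request from unauthorized host
Jan 21 00:19:22 some-host portmap[15601]: connect from 192.0.2.10 to callit(300055): request from unauthorized host
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ portmap\[\d+\]: "
    r"connect from (?P<src>\S+) to (?P<proc>\w+)\((?P<prog>\w*)\): "
    r"request from unauthorized host")

def summarize(text, year=2002, jitter=5):
    """Group rejected requests by (source, procedure, program) and test
    whether each group's inter-arrival gaps stay within `jitter` seconds
    of the median gap. Syslog timestamps carry no year, so `year` is
    supplied by the caller (a log spanning New Year needs splitting)."""
    events = defaultdict(list)
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # not a rejected-portmap entry, or a wrapped fragment
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events[(m["src"], m["proc"], m["prog"])].append(ts)

    report = {}
    for key, times in events.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        med = median(gaps) if gaps else None
        # Require at least three events before calling a pattern periodic.
        periodic = len(gaps) >= 2 and all(abs(g - med) <= jitter for g in gaps)
        report[key] = {"count": len(times), "median_gap": med, "periodic": periodic}
    return report

if __name__ == "__main__":
    for (src, proc, prog), info in summarize(SAMPLE).items():
        print(f"{src} {proc}({prog}): {info}")
```
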