From owner-freebsd-stable Fri Jan 4 15:38:59 2002 Delivered-To: freebsd-stable@freebsd.org Received: from resnet.uoregon.edu (resnet.uoregon.edu [128.223.122.47]) by hub.freebsd.org (Postfix) with ESMTP id 4E1C137B416 for ; Fri, 4 Jan 2002 15:38:56 -0800 (PST) Received: from localhost (dwhite@localhost) by resnet.uoregon.edu (8.11.3/8.10.1) with ESMTP id g04NdHn73213; Fri, 4 Jan 2002 15:39:17 -0800 (PST) Date: Fri, 4 Jan 2002 15:39:17 -0800 (PST) From: Doug White To: Sam Drinkard Cc: freebsd-stable@FreeBSD.ORG Subject: Re: Something about port 111 In-Reply-To: <3C363624.39425529@vortex.wa4phy.net> Message-ID: <20020104153801.K65848-100000@resnet.uoregon.edu> X-All-Your-Base: are belong to us MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Fri, 4 Jan 2002, Sam Drinkard wrote: > This might be slightly off topic, but am curious, since it just > started after going to 4.5-Pre. I've noticed a tremendous increase in I > assume portscans for port 111, since the upgrade. AFIK, no one has > gotten through, and I've not seen anything in particular about port 111 > in security. IS there something vulnerable about 111 that would have > increased a cracker's chance in gaining access via that port? port 111 is portmap, which has a less than stellar security record. In particular most Linux versions of it are easily exploitable, so there are plenty of scanners on the Internet looking for them. Unless you're mounting NFS volumes across the Internet you should block it, or if you aren't using NFS at all, you should turn it off. Doug White | FreeBSD: The Power to Serve dwhite@resnet.uoregon.edu | www.FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message