From owner-freebsd-stable Fri Jan 4 15:44:27 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from clink.schulte.org (clink.schulte.org [209.134.156.193])
    by hub.freebsd.org (Postfix) with ESMTP id CBA7B37B405
    for ; Fri, 4 Jan 2002 15:44:24 -0800 (PST)
Received: from schulte-laptop.nospam.schulte.org (nb-65.netbriefings.com [209.134.134.65])
    by clink.schulte.org (Postfix) with ESMTP id E4FFF2440D;
    Fri, 4 Jan 2002 17:44:19 -0600 (CST)
Message-Id: <5.1.0.14.0.20020104173303.03f77958@pop3s.schulte.org>
X-Sender:
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Fri, 04 Jan 2002 17:43:45 -0600
To: Sam Drinkard , freebsd-stable@freebsd.org
From: Christopher Schulte
Subject: Re: Something about port 111
In-Reply-To: <3C363624.39425529@vortex.wa4phy.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

At 06:09 PM 1/4/2002 -0500, Sam Drinkard wrote:
>Hello gang,
>
> This might be slightly off topic, but am curious, since it just
>started after going to 4.5-Pre. I've noticed a tremendous increase in I
>assume portscans for port 111, since the upgrade. AFAIK, no one has
>gotten through, and I've not seen anything in particular about port 111
>in security. Is there something vulnerable about 111 that would have
>increased a cracker's chance in gaining access via that port?

This would probably be better suited in -questions or -security, but...

Port 111 has been and will be a target for scans. It's highly unlikely
that increased visibility of scans has anything to do with your recent
OS update. Either 4.5-Pre is logging them differently, or coincidentally
the scans have increased.

See http://www.cert.org/current/current_activity.html for a few links to
recent rpc services which have been found to have issues.
Most or all of these don't affect FreeBSD in general, and all are
certainly fixed in 4.5-whatever.

As always: know what open ports your system runs. Use packet filtering
as needed. Keep up on advisories. Have an IDS, and keep good backups.

>Sam

--c