On Tue, 5 Jun 2001, Dave Sherohman wrote:

> 
> Nah.  They're talking to portmap, not telnetd.  Those requests are asking
> about available RPC services, most likely in hopes of finding a vulnerable
> NIS or NFS installation.

Ok, I've heard of exploits on RPC, now I'm curious.  What's using RPC?  Is
it just NIS and NFS?  I've heard of tons of RPC ports strewn about that
can be exploited, it's the only remaining port that I'm worried about on
my system.

back to the original question on security, port scans are part of
life.  Kiddies all over the internet like to run their port scanners
because they're HACKERS and they're unstoppable!  just like in the
movie!  *rolls eyes*  Just make sure you aren't running anything
unnecessary, like xfs, nis, nfs, etc.  Out of curiosity, are you on a
cable modem?  I've noticed that when I was on DSL no one even looked at my
box but on cable in the last week I've collected large amounts of IP
addresses probing away at my firewall.  They've mainly been targeting FTP,
which is odd, since I hadn't had ftpd up and running at that point.  Real
bright ones, they are! :-)

tcp wrappers do a pretty good job, an ALL:ALL in hosts.deny lets me sleep
at night anyway.  I also have a policy of denying ICMP requests on my
outside interface just to thwart the really stupid kiddies.  Between these
two I feel relatively secure.  Then just check your startup script to make
sure you aren't running anything you don't need to be.

-Brian