On Tue, 5 Jun 2001, Dave Sherohman wrote: > > Nah. They're talking to portmap, not telnetd. Those requests are asking > about available RPC services, most likely in hopes of finding a vulnerable > NIS or NFS installation. Ok, I've heard of exploits on RPC, now I'm curious. What's using RPC? Is it just NIS and NFS? I've heard of tons of RPC ports strewn about that can be exploited, it's the only remaining port that I'm worried about on my system. back to the original question on security, port scans are part of life. Kiddies all over the internet like to run their port scanners because they're HACKERS and they're unstoppable! just like in the movie! *rolls eyes* Just make sure you aren't running anything unnecessary, like xfs, nis, nfs, etc. Out of curiosity, are you on a cable modem? I've noticed that when I was on DSL no one even looked at my box but on cable in the last week I've collected large amounts of IP addresses probing away at my firewall. They've mainly been targeting FTP, which is odd, since I hadn't had ftpd up and running at that point. Real bright ones, they are! :-) tcp wrappers do a pretty good job, an ALL:ALL in hosts.deny lets me sleep at night anyway. I also have a policy of denying ICMP requests on my outside interface just to thwart the really stupid kiddies. Between these two I feel relatively secure. Then just check your startup script to make sure you aren't running anything you don't need to be. -Brian