A few quesitons:

1) Why do you have a service listening on this port if you intend to
block all traffic to it?
2) Are there any other services that might be exposed if iptables are
reset? or is sunrpc the only one?
3) What logs do you have with normal operation?

I would recommend removing all unnecessary services to start.

If you have a log of the normal start and stop but not the unexpected
start and stop, and only *one* additional service is being exposed,
then it sounds like something nefarious to me. Seriously.

If on the other hand it seems as though all iptables are being reset,
then it might be something more straightforward as Craig described.

A final thought: How are you setting your iptables rules? Also, are
you using an explicit DROP statement at the top?

- Erich


-- 
"A man is defined by the questions that he asks; and the way he goes
about finding the answers to those questions is the way he goes
through life."
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss