Lockd was Re: (no subject)

J.L.Francois jlf@magusnet.gilbert.az.us
Thu, 16 Nov 2000 07:08:57 -0700


It seems like on Thu, Nov 16, 2000 at 05:13:14AM -0700, Sonja Michelle Lina Thomas scribbled:
Orig Msg> -----BEGIN PGP SIGNED MESSAGE-----
Orig Msg> Hash: SHA1
Orig Msg> 
Orig Msg> This came across my logs this am. Not sure what it is. Everything
Orig Msg> seems to be intact and no strange behaviour or traffic has been
Orig Msg> noticed.
Orig Msg> 
Orig Msg> Nov 16 05:00:17 linux kernel: lockd: connect from unprivileged port:
Orig Msg> 209.181.13
Orig Msg> Nov 16 05:00:17 linux kernel: lockd: accept failed (err 11)!
Orig Msg> 
Orig Msg> The address reversed to zdialup.phnx.uswest.net
Orig Msg> 
Orig Msg> - ----------------------------------------------------------------
Orig Msg> Sonja Michelle Lina Thomas
Orig Msg> 

????? What does this box do ?????

rpc.lockd is the NFS Lock Manager.
It looks like an rpc service scan.
By itself it is nothing, if portmap,rpc.statd,or some other various NFS
daemon incarnations are running, you may want to shut them off and
do a quick audit.

If a firewall is installed somewhere on your LAN please filter
incoming to UDP/TCP port(s) identified by doing:

rpcinfo -p localhost

on the "scanned" host.

See:
http://the.wiretapped.net/security/security-advisories/cert-advisories/

Jean Francois - JLF Sends...
President & CEO - MagusNet, Inc., MagusNet.com, MagusNet.Gilbert.AZ.US
Director Of Managed Services - OpNIX,Inc., www.opnix.com
OpNIX - Simply Better Bandwidth
602-770-JLF1 - Cellular, ICQ:  8137851
My Certifications: http://www.brainbench.com/transcript.jsp?pid=1214021
Doing my part to educate the Clubie Illiterati.  One LART at a time!