[Snort-users] callit ?
Erich.Meier at ...99...
Thu Aug 31 05:51:18 EDT 2000
On Thu, Aug 31, 2000 at 11:10:46AM +0200, Preben Randhol wrote:
> I keep getting this in my logs:
> portmap: connect from W.X.Y.Z to +callit(300214): request from
> unauthorized host
> snort doesn't report anything wrong, but I cannot find out what callit
> is? If somebody can point me to a doc where I can find out what callit
> is it would be great.
This has nothing to do with snort.
Someone tried to call a RPC service with the program number 300214 on your
host which was denied by the portmapper.
Obviously, your portmapper is compiled with tcp_wrappers, that can be configured
via /etc/hosts.allow and /etc/hosts.deny. You should find "portmap:" lines
To find out, what service the remote host requested, simply run "rpcinfo -p"
on your host and look for 300214 in the first row.
More information about the Snort-users