[ale] rlzdbase ???

Jerry Z. Yu z.yu at voicecom.com
Fri Aug 23 14:50:23 EDT 2002 

	'rlzdbase' is your own addition? My own /etc/services doesn't have 
635 port or mountd listed at all.  At startup, mountd should dynamically 
bind to a free port within a range, thus its clients should get the 
actual port by querying portmap service at port 111.


On Fri, 23 Aug 2002, Geoffrey wrote:

#
#
#Jerry Z. Yu wrote:
#> quote from a port faq
#> at 
#> http://www.bismark.it/gnomixland/phpscript/pagina.php?sezioni=Sicurezza&link=faqfirewall.htm#1.1
#> <quote>
#> Linux mountd bug. This is a popular bug that people are scanning for. Most 
#> scans on this port are UDP-based, but they are increasingly TCP-based 
#> (mountd runs on both ports simultaneously). Note that mountd can run at 
#> any port (for which you must first do a portmap lookup at port 111), it's 
#> just that Linux defaulted to port 635 in much the same way that NFS 
#> universally runs at port 2049.
#
#Okay, I figured it out.  Thanks for the info, although I'd expect a more 
#reasonable comment in /etc/services.
#
#Yesterday when I accidentally deleted those files I posted earlier, they 
#resided on a filesystem that is also an nfs share.  So, to umount the 
#filesystem, I had to shutdown nfs.  I then attempted to remount the 
#share to another machine before I restarted NFS.  I just ran through the 
#same scenario and sure enough, same alert.
#
#Thanks for the info.
#
#> </quote>
#> 
#>  On Fri, 23 Aug 2002, Geoffrey wrote:
#> 
#> #Okay, just got an attack alert from portsentry identifying one of my own 
#> #machines with attacking my primary box at port 635 which is identified 
#> #as rlzdbase in /etc/services.  So, following a completely useless search 
#> #on google, WTH is rlzdbase service and what's it's purpose??
#> #
#> #-- 
#> #Until later: Geoffrey		esoteric at 3times25.net
#> #
#> #I didn't have to buy my radio from a specific company to listen
#> #to FM, why doesn't that apply to the Internet (anymore...)?
#> #
#> #
#> #---
#> #This message has been sent through the ALE general discussion list.
#> #See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
#> #sent to listmaster at ale dot org.
#> #
#> 
#> Jerry Z. Yu					+1-404-487-8544 (O)
#> systems engineer				z.yu at voicecom.com
#> is support, voicecom, llc			www.voicecom.com
#> 
#> 
#
#
#-- 
#Until later: Geoffrey		esoteric at 3times25.net
#
#I didn't have to buy my radio from a specific company to listen
#to FM, why doesn't that apply to the Internet (anymore...)?
#

Jerry Z. Yu					+1-404-487-8544 (O)
systems engineer				z.yu at voicecom.com
is support, voicecom, llc			www.voicecom.com


---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.

More information about the Ale mailing list