[PLUG] Viewing auth.log

Will Andrews <will@physics.purdue.edu>
Wed, 14 Feb 2001 16:14:10 -0500


On Wed, Feb 14, 2001 at 03:27:47PM -0500, Marcom, Greg wrote:
> Feb 12 10:10:01 ###### portmap[15249]: connect from 203.68.244.15 to
> getport(status): request from authorized host
>  
> ##### is my machine name.
>  
> I don't want to give it out yet because I am still working with TCP wrappers
> and config of sendmail.
> Should I be worried?  When I noticed this I went back to check all my
> services and what ports I had opened.  And it has not happened since.

Giving out your machine name's not going to give anyone a clue about
where your machine is (unless it is something obvious, like some
resnet host e.g. tark-a-043 or something).

TCP wrappers isn't the best approach to securing your machine, IMO.
A good firewall will do a better job of that than anything else (and
it's more low-level than TCP wrappers, which allows packets through
anyway).

What the line above says is that someone connected to your portmap
daemon from 203.68.244.15 (a noticeably Australian/NZ IP address).
Whether that is good or not depends on what you intended.

In short, I think you're being overly paranoid about what has happened
and not paranoid enough about protecting your machine.

-- 
wca
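
Added example, not part of the original message: a small Python filter that parses portmap lines of the form quoted above out of auth.log and lists the clients that fall outside the networks you expect to reach portmap. TRUSTED_NETS, the host name "myhost" and the second and third sample lines are constructed assumptions.

```python
import ipaddress
import re

# Line layout taken from the portmap entry quoted in the message:
#   <date> <host> portmap[<pid>]: connect from <src> to <proc>(<prog>): <verdict>
PORTMAP_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\sportmap\[(?P<pid>\d+)\]:\s"
    r"connect from (?P<src>\S+) to (?P<proc>\w+)\((?P<prog>[^)]*)\): (?P<verdict>.+)$"
)

# Assumption: the only networks that should ever talk to portmap on this host.
TRUSTED_NETS = [ipaddress.ip_network("127.0.0.0/8"),
                ipaddress.ip_network("192.168.0.0/16")]

def parse_portmap(line):
    """Return the fields of a portmap connect line, or None for other lines."""
    m = PORTMAP_RE.match(line.strip())
    return m.groupdict() if m else None

def unexpected_portmap_clients(lines, trusted=TRUSTED_NETS):
    """Return parsed records whose source is not inside a trusted network."""
    hits = []
    for line in lines:
        rec = parse_portmap(line)
        if rec is None:
            continue  # not a portmap connect line
        try:
            src = ipaddress.ip_address(rec["src"])
        except ValueError:
            hits.append(rec)  # logged as a name, not an address: review by hand
            continue
        if not any(src in net for net in trusted):
            hits.append(rec)
    return hits

# Constructed sample: the first line is the quoted entry with a placeholder
# host name and the wrapped line rejoined; the other two are made up.
SAMPLE = [
    "Feb 12 10:10:01 myhost portmap[15249]: connect from 203.68.244.15 to "
    "getport(status): request from authorized host",
    "Feb 12 10:12:44 myhost portmap[15250]: connect from 192.168.1.20 to "
    "getport(nfs): request from authorized host",
    "Feb 12 10:13:02 myhost sshd[412]: Accepted password for alice from 192.168.1.20",
]

if __name__ == "__main__":
    for rec in unexpected_portmap_clients(SAMPLE):
        print(rec["ts"], rec["src"], rec["proc"], rec["prog"], "-", rec["verdict"])
```

Run against the real file with unexpected_portmap_clients(open("/var/log/auth.log")); the log path is an assumption and varies by system.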