How to filter portmap error log entries?

Extracted from debian-user
Tip provided by Jens B. Jorgensen
> We have a small PC cluster running Debian 2.1. Since a few days two of those bother me with
> the following message:
> "my_host portmap[6050]: connect from 134.58.X.Y to callit(ypserv): request from unauthorized host".
> In principle that is o.k., because 134.58.X.Y should have no access to
> our cluster. It is just, that this message appears once per minute and only at two out of
> seven boxes.
>
> I checked with "tcpdump" and it seems, that 134.58.X.Y sends a request to the address
> 134.58.255.255, which is then picked up by my_host (my_host has a different IP number, of
> course). Does anybody have an idea why only 2 out of 7 boxes have that behaviour? Since it is
> the same software it must be some setting, maybe in /etc. But where? How can I prevent the
> "portmap" from picking up the request? It simply annoys me.
>
> P.S. 134.58.X.X is a machine of a neighboring institute. It is not a hacker attack.

If you'd like to not get these messages you can just put a line
at the top of your /etc/hosts.allow file:

portmap: 134.58.X.Y : deny : severity local7.info

You'll then need to edit your /etc/syslog.conf and add:

local7.none;

into the definition of messages which go to /var/log/messages.
Then do a 'killall -HUP syslogd' and you should be set.
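
Where local7.none goes within the selector matters: syslog.conf(5) for sysklogd notes that each selector can overwrite the preceding ones, so the exclusion has to come after any wildcard entries. The following is an added example, not part of the original tip or of syslogd itself: a simplified model of that left-to-right evaluation (the "!" modifier is not modelled), run against a constructed selector in the style of a Debian /var/log/messages entry.

```python
# Simplified model of how sysklogd evaluates a syslog.conf selector field.
# Added illustration only: covers fac.pri, fac.=pri, fac.*, fac.none and "*".
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}
FACILITIES = ["auth", "authpriv", "cron", "daemon", "kern", "lpr", "mail", "news",
              "syslog", "user", "uucp"] + [f"local{i}" for i in range(8)]


def compile_selector(field):
    """Return {facility: set of priorities logged}, applying parts left to right."""
    masks = {fac: set() for fac in FACILITIES}
    for part in field.split(";"):
        part = part.strip()
        if not part:
            continue
        facs, pri = part.rsplit(".", 1)
        targets = FACILITIES if facs == "*" else facs.split(",")
        for fac in targets:
            if pri == "none":
                masks[fac] = set()            # cleared, but later parts can set it again
            elif pri == "*":
                masks[fac] = set(PRIORITIES)
            elif pri.startswith("="):         # exactly this priority
                masks[fac].add(ALIASES.get(pri[1:], pri[1:]))
            else:                             # this priority and anything more severe
                name = ALIASES.get(pri, pri)
                masks[fac] |= set(PRIORITIES[: PRIORITIES.index(name) + 1])
    return masks


def is_logged(field, facility, priority):
    """True if a message with this facility/priority matches the selector field."""
    return priority in compile_selector(field)[facility]


# Constructed selector (assumption), not copied from any particular system.
BEFORE = "*.=info;*.=notice;*.=warn;auth,authpriv.none;mail,news.none"
AFTER = BEFORE + ";local7.none"         # exclusion placed after the wildcards
WRONG_ORDER = "local7.none;" + BEFORE   # "*.=info" switches local7.info back on

if __name__ == "__main__":
    for label, field in [("before", BEFORE), ("after", AFTER), ("wrong order", WRONG_ORDER)]:
        print(f"{label:12} local7.info -> messages: {is_logged(field, 'local7', 'info')}")
```
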

Appears in section(s) : net configuration
Tip recorded : 27-07-1999 18:42:42
HTML page last changed : 27-07-1999 20:06:50