AF:
NF:0
PS:10
SRH:1
SFN:
DSR:
MID:<20080402111047.2c8ab783@ripper.onstor.net>
CFG:
PT:0
S:andy.sharp@onstor.com
RQ:
SSV:onstor-exch02.onstor.net
NSV:
SSH:
R:<maxim.kozlovsky@onstor.com>,<rich.lareau@onstor.com>,<dl-cstech@onstor.com>
MAID:1
X-Sylpheed-Privacy-System:
X-Sylpheed-Sign:0
SCF:#mh/Mailbox/sent
RMID:#imap/andys@onstor.net@onstor-exch02.onstor.net/INBOX	0	BB375AF679D4A34E9CA8DFA650E2B04E09321C36@onstor-exch02.onstor.net
X-Sylpheed-End-Special-Headers: 1
Date: Wed, 2 Apr 2008 11:11:30 -0700
From: Andrew Sharp <andy.sharp@onstor.com>
To: "Maxim Kozlovsky" <maxim.kozlovsky@onstor.com>
Cc: "Rich LaReau" <rich.lareau@onstor.com>, "dl-cstech"
 <dl-cstech@onstor.com>
Subject: Re: nfxnis_rcvPortmapResponse
Message-ID: <20080402111130.12f454d8@ripper.onstor.net>
In-Reply-To: <BB375AF679D4A34E9CA8DFA650E2B04E09321C36@onstor-exch02.onstor.net>
References: <BB375AF679D4A34E9CA8DFA650E2B04E09321C22@onstor-exch02.onstor.net>
	<BB375AF679D4A34E9CA8DFA650E2B04E09321C36@onstor-exch02.onstor.net>
Organization: Onstor
X-Mailer: Sylpheed-Claws 2.6.0 (GTK+ 2.8.20; x86_64-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Is it possible that it's some virus laden Windows machine (ok, that was
trite) that is trying to break into machines on its network via some
sort of portmapper exploit?  I assume we don't filter out portmapper
requests from IP addresses that are not configured as NIS servers.

Cheers,

a

On Wed, 2 Apr 2008 10:59:49 -0700 "Maxim Kozlovsky"
<maxim.kozlovsky@onstor.com> wrote:

> Hi Rich,
> 
> This error means that we received a portmap response from NIS server,
> but we don't have a request that is currently executed against this
> NIS server. If this happens repeatedly there may be something wrong
> with their NIS. Try to gather a trace between the filer and the IP
> given in the error message, this may explain what is going on.
> 
> Max
> 
> >-----Original Message-----
> >From: Rich LaReau
> >Sent: Wednesday, April 02, 2008 10:52 AM
> >To: dl-cstech
> >Subject: nfxnis_rcvPortmapResponse
> >
> >
> >This error fills the logs at one site.  I couldn't find a reference
> >to
> it
> >anywhere, could somebody interpret it for me please?  Is see that
> >port
> 111
> >is sunrpc-- is it jus some kind of scanning process?
> >
> >
> >Apr  2 03:00:11 fss-pnasgw1 : 0:0:ea:ERROR:
> >nfxnis_rcvPortmapResponse: Portmap Resp [xid=0x8b4f4403] from
> >ip=143.199.103.10 port=111. NO
> Request
> >for VS=3.
> >
> >Thanks,
> >Rich
