HPE Community
Operating System - HP-UX
1832584 Members
3217 Online
110043 Solutions
New Discussion

strange portmap requests

 
SOLVED
Go to solution
Susan Markley
Occasional Contributor

‎02-12-2001 11:09 AM

‎02-12-2001 11:09 AM

strange portmap requests

Hi,
I have a machine 11.00 that for some reason is sending portmap requests to a machine. Here is the error that the outside machine is logging:
Feb 9 15:40:48 outsidemachine portmap[7169]: connect from x.x.x.x to getport(status): request from unauthorized host

x.x.x.x is the my 11.00 machine. The only point of interest is that the name of the outside machine used to be the name of my 11.00 machine. My feeling is that somewhere there is a config file that has the old name in it but I have looked everywhere. DNS, /etc/hosts, and NIS' hosts files all report the correct IP -> name.

Any help or suggestions would be much appreciated.
Thanks,
Susan
0 Kudos
Reply
5 REPLIES 5
Steven Sim Kok Leong
Honored Contributor

‎02-13-2001 08:11 AM

‎02-13-2001 08:11 AM

Re: strange portmap requests

Hi,

Give lsof a try. Run lsof and grep for the outside machine's hostname and IP address on your local machine. If you run it when the remote RPC was made, there is a chance that you will be able to identify the process that is opening this socket connection along with the opened files (may possibly include the configuration file) used by this process.

Hope this helps. Regards.

Steven Sim Kok Leong
Brainbench MVP for Unix Admin
http://www.brainbench.com
0 Kudos
Reply
Berlene Herren
Honored Contributor

‎02-13-2001 08:29 AM

‎02-13-2001 08:29 AM

Re: strange portmap requests

I thought portmap was replaced by rpcbind on 11.0?

Check and ensure you have only one netconf under /etc/rc.config.d (no backups or saved versions, they count also).

Berlene
http://www.mindspring.com/~bkherren/dobes/index.htm
0 Kudos
Reply
Brian Hackley
Honored Contributor

‎02-13-2001 11:29 AM

‎02-13-2001 11:29 AM

Solution

Re: strange portmap requests

Hi,

Just an additional thought to go check /var/statmon/sm.bak for an entry corresponding to the remote host. If present, remove the file. rpc.statd is most likely trying to contact the status monitor on the remote host if that is the case. Less likely would be an entry in the /var/statmon/sm directory. Stopping rpc.statd / rpc.lockd and restarting them is recommended after doing this, but that restart can be delayed until a later time in case you have other active file locking in progress (e.g. users with $HOME mounted over NFS and using ksh history file).

Hope this helps,
Brian
Ask me about telecommuting!
Reply
Susan Markley
Occasional Contributor

‎02-13-2001 01:56 PM

‎02-13-2001 01:56 PM

Re: strange portmap requests

I checked and I do have a file in /var/statmon/sm.bak which has the outside machine's name in it. Before I delete and restart, I want to find out why it is there. The man says that it is created by rpc.statd. Does anyone know why it would create such a file? I am afraid that there is a config file somewhere and I'll reboot and the file will be back again...

Thanks for all your help,
Susan
0 Kudos
Reply
Susan Markley
Occasional Contributor

‎02-14-2001 09:59 AM

‎02-14-2001 09:59 AM

Re: strange portmap requests

I deleted the file in /var/statmon/sm.bak and it is now working fine.
Thanks for your help,
Susan
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.