A couple of weeks ago, my system's security was compromised.
How do I know? Well, ALL my logs were gone. The person (not very clever)
that broke into my server deleted the /var directory. Due to this I could
not trace back the intrusion.
Anyway, I rebuilt my system and installed kfirewall, so I trust I'm more
secure than I was 3 weeks ago.
And now I'm into the habit of checking my log files almost daily (not that
I'm paranoid or anything).
I need help on the following log entries, which I don't know exactly what
they mean:
1. My "/var/log/messages" file has the following entry (of course,
<myHostName> is the name of my machine and ### is the IP address probing? my
machine)...
...
Dec 12 11:26:49 <myHostName> portmap[11737]: connect from ###.###.###.### to callit(nfs): request from unauthorized host
Dec 12 11:40:09 <myHostName> -- MARK --
Dec 12 12:00:09 <myHostName> -- MARK --
Dec 12 12:20:09 <myHostName> -- MARK --
Dec 12 12:21:11 <myHostName> portmap[12045]: connect from ###.###.###.### to callit(nfs): request from unauthorized host
...
Could this be the same person that broke into my machine 3 weeks ago, trying
to do the same again?
Even if it's not, is this enough grounds to call up network administrators
and advise them of the probes?
Thanks,
--
Jose'