
I ran rpcbind on my CentOS 8 server and I noted an odd server:

rpcbind 1038 rpc 13u IPv4 46028565 0t0 TCP CentOS-82-64-minimal:sunrpc->ilijavujovic.tempurl.host:61000 (ESTABLISHED)

Looks very dubious. Any idea how this might have occurred or how to avoid it?

1qwelle
  • An IP address would definitely help here. Where is this connection actually going? – Massimo Jul 19 '21 at 20:41
  • Looks definitely dubious (If I just put the name in a web browser it actually connects and I get a default WordPress site). But there is no way of knowing what on your system actually connected to it, how or why. – Massimo Jul 19 '21 at 20:44
  • I got this after searching: https://www.abuseipdb.com/check/178.62.55.214 This is scanning the port, I assume? Yet I don't understand why it appears alongside RPCBIND – 1qwelle Jul 22 '21 at 07:18
  • Anyway, just as with databases, this service should probably never be exposed to the Internet without proper firewalling. – A.B Jul 22 '21 at 07:38
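
An added example, not part of the original question or comments: in the lsof line above the local end is the sunrpc port (111), so the remote peer opened the connection to rpcbind. The Python below parses `lsof -i` output and lists such inbound peers, marking names that lsof resolved so they can be rechecked with `lsof -n -P`; the function names and every sample line except the first are constructed for illustration.

```python
import ipaddress
import re

RPCBIND_PORTS = {"111", "sunrpc"}  # lsof prints the service name unless run with -P
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

# NAME column of `lsof -i`: "TCP local:port->remote:port (STATE)"
CONN_RE = re.compile(
    r"\b(?P<proto>TCP|UDP)\s+(?P<laddr>\S+):(?P<lport>[\w-]+)"
    r"->(?P<raddr>\S+):(?P<rport>[\w-]+)(?:\s+\((?P<state>\w+)\))?")


def classify_peer(addr):
    """Label a remote endpoint as internal, external, or an unresolved name."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "unresolved-name"  # lsof resolved it; rerun with -n -P
    return "internal" if any(ip in net for net in INTERNAL_NETS) else "external"


def inbound_rpcbind_peers(lsof_output):
    """Return (remote, remote_port, scope) for peers connected to local port 111."""
    findings = []
    for line in lsof_output.splitlines():
        m = CONN_RE.search(line)
        if not m or m["lport"] not in RPCBIND_PORTS:
            continue  # listening sockets and other services are skipped
        if m["proto"] == "TCP" and m["state"] != "ESTABLISHED":
            continue
        remote = m["raddr"].strip("[]")  # IPv6 addresses are bracketed
        findings.append((remote, m["rport"], classify_peer(remote)))
    return findings


# First line is the one from the question; the rest are constructed samples.
SAMPLE = """\
rpcbind 1038 rpc 13u IPv4 46028565 0t0 TCP CentOS-82-64-minimal:sunrpc->ilijavujovic.tempurl.host:61000 (ESTABLISHED)
rpcbind 1038 rpc  8u IPv4 21345 0t0 TCP *:111 (LISTEN)
rpcbind 1038 rpc 14u IPv4 46028570 0t0 TCP 203.0.113.10:111->198.51.100.7:61000 (ESTABLISHED)
rpcbind 1038 rpc 15u IPv4 46028571 0t0 TCP 203.0.113.10:111->10.0.0.5:40222 (ESTABLISHED)
sshd 2200 root 4u IPv4 46030000 0t0 TCP 203.0.113.10:22->198.51.100.7:50514 (ESTABLISHED)
"""

if __name__ == "__main__":
    for remote, port, scope in inbound_rpcbind_peers(SAMPLE):
        print(f"{scope:16} {remote}:{port}")
```

Any peer reported as external means port 111 is reachable from outside the host's own networks, which is the exposure the last comment says to firewall.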

0 Answers