Subject: Log message: rpcbind: connect from 216.123.160.11 to dump()
To: None <netbsd-help@netbsd.org>
From: Richard Rauch <rauch@eecs.ukans.edu>
List: netbsd-help
Date: 08/19/2000 06:29:09

I've seen a number of log messages in /var/log/authlog of the form
``rpcbind: connect from 216.123.160.11 to dump()''.  (I'm running rpcbind
since I'm currently using NFS.  I assume that I only need rpcbind running
on the NFS server, correct?)

My questions:

 * This looks to me like someone is trying to scan my system.  I've seen
   these dump() calls come in from a variety of different addresses over
   the past few months.  Is it, as I suspect, a likely malicious attempt
   to get information out of my system?

 * What can a remote host generally get from me by this?  Suppose that
   I am running a fairly vanilla system, with some read-only exported
   NFS filesystems.  Is rpcbind a gaping security hole for a stock NetBSD
   system?  (Yes, I understand that rpcbind is disabled by default.  Maybe
   I should say ``an almost-stock NetBSD system''.  (^&)

 * Is there a simple way that I can disable this without impairing NFS?
   (Or, alternatively, a way that I can blacklist addresses from any
   network contact?)


  "I probably don't know what I'm talking about." --rauch@eecs.ukans.edu
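
An added example, not part of the original post: one way to summarize which remote addresses are sending the `dump()` requests described above, with counts and first/last sighting per source. The sample log lines are constructed; the syslog timestamp/host prefix, the `getport(...)` lines, and the names `summarize` and `dump_callers` are assumptions made for illustration.

```python
import re

# Constructed sample lines. The "rpcbind: connect from ... to dump()" text is
# the form quoted in the post; the timestamp/host prefix is an assumed layout.
SAMPLE_AUTHLOG = """\
Aug 17 02:14:09 myhost rpcbind: connect from 216.123.160.11 to dump()
Aug 17 02:14:10 myhost sshd[311]: Connection closed by 192.0.2.7
Aug 18 11:40:55 myhost rpcbind: connect from 198.51.100.23 to dump()
Aug 18 11:41:02 myhost rpcbind: connect from 198.51.100.23 to getport(mountd)
Aug 19 06:12:31 myhost rpcbind: connect from 216.123.160.11 to dump()
Aug 19 06:20:00 myhost rpcbind: connect from 192.0.2.7 to getport(nfs)
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+\S+\s+rpcbind(?:\[\d+\])?:\s+"
    r"connect from (?P<src>\S+) to (?P<proc>\w+)\((?P<arg>[^)]*)\)")


def summarize(text):
    """Map each source address to per-procedure call counts and first/last seen."""
    summary = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an rpcbind connection record
        entry = summary.setdefault(
            m["src"], {"calls": {}, "first": m["ts"], "last": m["ts"]})
        entry["calls"][m["proc"]] = entry["calls"].get(m["proc"], 0) + 1
        entry["last"] = m["ts"]  # log is chronological, so the latest line wins
    return summary


def dump_callers(text, trusted=frozenset()):
    """Sources outside `trusted` that asked rpcbind for its full service list."""
    return sorted(src for src, e in summarize(text).items()
                  if "dump" in e["calls"] and src not in trusted)


if __name__ == "__main__":
    report = summarize(SAMPLE_AUTHLOG)
    # 192.0.2.7 stands in for a known NFS client (constructed address).
    for src in dump_callers(SAMPLE_AUTHLOG, trusted={"192.0.2.7"}):
        e = report[src]
        print(f"{src}: {e['calls']['dump']} dump() call(s), "
              f"{e['first']} .. {e['last']}")
```
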