Subject: Re: Security reports
To: Eric Zylstra <ezylstra@cider2.uchicago.edu>
From: None <mcmahill@mtl.mit.edu>
List: port-mac68k
Date: 12/02/1999 11:14:48
On Thu, 2 Dec 1999, Eric Zylstra wrote:
> I've been wondering about the daily reports auto-generated by the
> system. Every one has the following line:
>
> Last dump(s) done (Dump '>' file systems):
>
>
> There never are any reported Dumps. When I grep the authlog for
> 'dump', though, I get the following:
> Nov 13 15:10:57 cider2 portmap[13256]: connect from 209.85.146.4 to dump()
> Nov 13 20:30:58 cider2 portmap[13569]: connect from 203.69.36.63 to dump()
> Nov 17 20:51:45 cider2 portmap[23908]: connect from 139.78.100.124 to dump()
> Nov 18 11:45:58 cider2 portmap[25996]: connect from 128.135.195.19 to dump()
>
>
> So, I assume, the Dump '>' file systems is a whole different thing
> from connecting to dump. Can someone confirm (or otherwise) that
> connects from miscellaneous addresses to dump() are correct and valid
> behavior?
This means people from those addresses are trying to hack your system.
The "last dump done" part would be if you did a dump.
-Dan
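
Added example, not part of the original messages: a Python summary of the portmap lines in the authlog, grouped by remote address, so repeated requests for the portmapper's dump() procedure (the service listing that `rpcinfo -p` asks for) stand out from local traffic. The function name, the regular expression and the trusted range passed in the demo are assumptions made for illustration; the sample input is the four log lines quoted in the message.

```python
import ipaddress
import re
from collections import defaultdict

# The four authlog lines quoted in the message above.
SAMPLE_AUTHLOG = """\
Nov 13 15:10:57 cider2 portmap[13256]: connect from 209.85.146.4 to dump()
Nov 13 20:30:58 cider2 portmap[13569]: connect from 203.69.36.63 to dump()
Nov 17 20:51:45 cider2 portmap[23908]: connect from 139.78.100.124 to dump()
Nov 18 11:45:58 cider2 portmap[25996]: connect from 128.135.195.19 to dump()
"""

# Matches the line format shown above: timestamp, host, portmap[pid], source, procedure.
PORTMAP_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+(?P<host>\S+)\s+portmap\[\d+\]:\s+"
    r"connect from (?P<src>\S+) to (?P<proc>\w+)\(\)"
)

def summarize_portmap(log_text, trusted_nets=()):
    """Return {source: {count, procs, first, last}} for sources outside trusted_nets."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    report = defaultdict(lambda: {"count": 0, "procs": set(), "first": None, "last": None})
    for line in log_text.splitlines():
        m = PORTMAP_RE.match(line)
        if not m:
            continue  # not a portmap connect line
        try:
            addr = ipaddress.ip_address(m["src"])
        except ValueError:
            addr = None  # logged as a hostname; cannot be matched against the networks
        if addr is not None and any(addr in net for net in nets):
            continue  # source is inside a range the operator trusts
        entry = report[m["src"]]
        entry["count"] += 1
        entry["procs"].add(m["proc"])
        entry["first"] = entry["first"] or m["ts"]
        entry["last"] = m["ts"]
    return dict(report)

if __name__ == "__main__":
    # Assumption for the demo only: treat 128.135.0.0/16 as the local, trusted range.
    for src, info in summarize_portmap(SAMPLE_AUTHLOG, ["128.135.0.0/16"]).items():
        procs = ",".join(sorted(info["procs"]))
        print(f"{src:16} {info['count']:3}  {procs:8} {info['first']} .. {info['last']}")
```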