Perhaps this question should be on another list, but I thought it might
be of interest to others on this list. 

I have several NetBSD pmax machines on the University of Maryland 
network.  Checking the log files of each reveals a consistent 
pattern of the following (attempted?) exploits:

<machine name> portmap[ <pid> ] connect from < outside ip addr. > to 
    dump(): request from unauthorized host.

Is this an exploit that others of you have dealt with?  I've got
portmapper turned on for NFS mounts, and I thought I had outside 
connections turned off in hosts.deny.  How, then, are they making
the connection to portmap.  

My apologies if this post is on the wrong list.

Doug