hello, my new rh 7.2. box has port 111 (rpc) open. is this a risk? I've searched for info in google... and it looks quite dangerous. what shall i do now? lock 111 with the firewall, or disable an entire service?

thanks indeed!

Are you running something like portsentry on that machine?

http://www.cert.org/advisories/CA-2000-17.html

yeah portsentry is running

OK check /etc/portsentry/portsentry.conf

Go through the config.. ports listening etc..
If it's listening on port 111 then all is fine as portsentry opens the port up to catch scans..