certainly does smell like some shell code (although some of the other
characters look like an Asian character set being misinterpreted). Best
bet is to set up some IPChains/Tables rules with a Default-Deny stance and
then allow in from the outside only the very minimal required based on your
security policy. I've got a few machines which require the rpc stuff
(along with some other unsafe protocols). I disallow external connections
(incoming *and* outgoing - with logging) while allowing the internal soft
chewy center machines to communicate freely.
At 03:30 AM 5/24/2001 -0300, Peter Cordes wrote:
>On Wed, May 23, 2001 at 10:58:43PM -0700, Wade Richards wrote:
> > Yep, it's a security problem. Someone is trying to hack into your system
> > using one of many known security bugs in the rpc daemon.
> >
> > If you don't need the rpc stuff running, then just disable it (better yet,
> > uninstall it). If you really do need it running, but it's only used
> > locally, then I suggest you use ipchains to drop any packets targeted to
> > port 111. But best is to simply remove it entirely.
>
> That only blocks portmap. Other UDP services can be found with a UDP port
>scan by e.g. nmap.
>
>--
>#define X(x,y) x##y
>Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca)
>
>"The gods confound the man who first found out how to distinguish the hours!
> Confound him, too, who in this place set up a sundial, to cut and hack
> my day so wretchedly into small pieces!" -- Plautus, 200 BCE
>
>
>--
>To UNSUBSCRIBE, email to [EMAIL PROTECTED]
>with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
--
Eric N. Valor
Webmeister/Inetservices
Lutris Technologies
[EMAIL PROTECTED]
- This Space Intentionally Left Blank -
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
