RE: Lots of attempts on port 111 lately...

Thu, 28 Dec 2000 09:29:37 -0800 

Well, it's available on my site for anyone who wants to see who was trying
to get in to mine, so they can make appropriate changes to theirs...

> -----Original Message-----
> From: Chris Dowling [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, December 28, 2000 12:13 PM
> To:   '[EMAIL PROTECTED]'
> Subject:      Re: Lots of attempts on port 111 lately...
> 
> On Thu, 28 Dec 2000, Burke, Thomas G. wrote:
> 
> > Hey all,
> > 
> >     The subject says it all, I have had a shitload of attempts on port
> > 111 (sunrpc) lately...  Is there some new bug on the r* stuff, or is it
> just
> > that all the script kiddies are out on vacation?  Anybody else notice
> this,
> > or is it just me?
> 
> dunno about that. I get a weird one every couple of hours. a whole buncha
> ips (from all over the place) just ping me. that's it. oh, and
> occasionally they might try to do something else, like try to exploit
> services...
> 
> >     As an aside, I've added an (L)user link on my web site's main page
> > (right below the firewall) that lists all the machines blocked from my
> > machine (check out http://tomii.erols.com/lusers.txt)...  Has anyone
> else
> > ever done this?  I ask as I'm sure there's a better way to do it than
> the
> > way I did (I'm no scripter)...
> 
> that raised an interesting issue. we have spam rbl's, why not something
> like ip rbl's? provide logs of the attempt, and then that ip is listed as
> a dodgy source. then you can filter those ip's out (although that would be
> a mamoth task with ipchains). just some extra piece of mind.
> 
> actually, I think that the benefits of this would outweigh the
> disadvantages, over time anyway. it would restrict access, and dialup for
> dialup accounts it would be pointless (to a certain extent). bad points
> 
> good points: it would increase the awareness of such stupid attacks, it
> would force administrators to enforce stringent anti hack policies to
> prevent ip's in their block from being listed, create another layer of
> defence from attackers (or at least make it harder for attackers, which
> should rule out some script kiddies)...
> 
> thoughts?
> 
> chris (quiet ramblings before bedtime)
> 
> 
> 
> _______________________________________________
> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list



_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list

Reply via email to