Well, statd has had multiple exploits over the years. There is a statd exploit that
works with rh 6.0/6.1/6.2 and RedHat has released a fixed statd for this. Don't think
you are just being targeted. I'm sure everybody else in your subnet was scanned for
the same thing. Its pretty common for kiddies to scan large amounts of ips for
vulnerable services.
Jeremiah Johnson
Linux Security Analyst
Penguin Computing
On Thu, Dec 28, 2000 at 09:27:17AM -0500, Burke, Thomas G. wrote:
> Hey all,
>
> The subject says it all, I have had a shitload of attempts on port
> 111 (sunrpc) lately... Is there some new bug on the r* stuff, or is it just
> that all the script kiddies are out on vacation? Anybody else notice this,
> or is it just me?
>
> As an aside, I've added an (L)user link on my web site's main page
> (right below the firewall) that lists all the machines blocked from my
> machine (check out http://tomii.erols.com/lusers.txt)... Has anyone else
> ever done this? I ask as I'm sure there's a better way to do it than the
> way I did (I'm no scripter)...
>
> PS: Hey (L)user! You see my web page on here & you attack me...
> You dumbass! Since most of the posts are about ipchains, & I'm sending
> people to the link that has my firewall on it, you'd think you could at
> least go look at that firewall script before you try to run some stoopid
> unmodified script against the machine! At least then, you'd know what ports
> I was logging & you might not get cut off from your ISP (happened to 3
> people this week, I understand).... Man, I guess I'm feeling antagonistic
> today, I guess ;)....
>
>
>
> _______________________________________________
> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
