On Mon, Jun 18, 2001 at 03:46:13PM +1000, Ian Miller wrote:
> add the line /sbin/ipchains -A input -i -p TCP -s !
> -d 111 -l -j DENY to block the rpc statd attacks
> from your external network
port 111 is portmap, not rpc.statd. all blocking portmap will do is
prevent them from conveniently g
add the line /sbin/ipchains -A input -i -p TCP -s !
-d 111 -l -j DENY to block the rpc statd attacks
from your external network
- Original Message -
From: "Christian Jaeger" <[EMAIL PROTECTED]>
To:
Sent: Monday, June 18, 2001 11:06 AM
Subject: Are these breakin attem
On Mon, Jun 18, 2001 at 03:46:13PM +1000, Ian Miller wrote:
> add the line /sbin/ipchains -A input -i -p TCP -s !
> -d 111 -l -j DENY to block the rpc statd attacks
> from your external network
port 111 is portmap, not rpc.statd. all blocking portmap will do is
prevent them from conveniently
On Mon, Jun 18, 2001 at 03:06:14AM +0200, Christian Jaeger wrote:
> Hello,
>
> I run a pc with potato on a cable modem line. Recently I discovered
> the following in /var/log/messages:
>
> Jun 10 20:21:16 pflanze -- MARK --
> Jun 10 20:33:55 pflanze
> Jun 10 20:33:55 pflanze /sbin/rpc.statd[229]
add the line /sbin/ipchains -A input -i -p TCP -s !
-d 111 -l -j DENY to block the rpc statd attacks
from your external network
- Original Message -
From: "Christian Jaeger" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, June 18, 2001 11:06 AM
Subj
On Mon, Jun 18, 2001 at 03:06:14AM +0200, Christian Jaeger wrote:
> Hello,
>
> I run a pc with potato on a cable modem line. Recently I discovered
> the following in /var/log/messages:
>
> Jun 10 20:21:16 pflanze -- MARK --
> Jun 10 20:33:55 pflanze
> Jun 10 20:33:55 pflanze /sbin/rpc.statd[229
Yes, they are likely breakin attempts. Why in the *world* are you running
rpc.statd (or portmap, or...nevermind...some people can't be helped) on a
publicly accessable machine. That's flat out stupid.
Ken Seefried, CISSP
Christian Jaeger writes:
Hello,
I run a pc with potato on a cabl
Hello,
I run a pc with potato on a cable modem line. Recently I discovered
the following in /var/log/messages:
Jun 10 20:21:16 pflanze -- MARK --
Jun 10 20:33:55 pflanze
Jun 10 20:33:55 pflanze /sbin/rpc.statd[229]: gethostbyname error for
^X÷ÿ¿^X÷ÿ¿^Y÷ÿ¿^Y÷ÿ¿^Z÷ÿ¿^Z÷ÿ¿^[÷ÿ¿^[÷ÿ¿%8x%8x%8x%8x%8x%
Yes, they are likely breakin attempts. Why in the *world* are you running
rpc.statd (or portmap, or...nevermind...some people can't be helped) on a
publicly accessable machine. That's flat out stupid.
Ken Seefried, CISSP
Christian Jaeger writes:
> Hello,
>
> I run a pc with potato on
Hello,
I run a pc with potato on a cable modem line. Recently I discovered
the following in /var/log/messages:
Jun 10 20:21:16 pflanze -- MARK --
Jun 10 20:33:55 pflanze
Jun 10 20:33:55 pflanze /sbin/rpc.statd[229]: gethostbyname error for
^X÷ÿ¿^X÷ÿ¿^Y÷ÿ¿^Y÷ÿ¿^Z÷ÿ¿^Z÷ÿ¿^[÷ÿ¿^[÷ÿ¿%8x%8x%8x%8x%8x%
10 matches
Mail list logo
