On Sun, 29 Oct 2000, Brian wrote:
> On Sun, 29 Oct 2000, Mikkel L. Ellertson wrote:
>
> > On Sun, 29 Oct 2000, Brian wrote:
> >
> > >
> > > When someone attempts the rpc.statd exploit to a Red Hat 6.2 box, are there
> > > no places their IP address gets logged? I see the attempts in
> > > /var
By default nothing logs statd traffic. This would be a good task for
ipchains - a rule to log these connections.
- rick warner
On Sun, 29 Oct 2000, Mikkel L. Ellertson wrote:
> On Sun, 29 Oct 2000, Brian wrote:
>
> >
> > When someone attempts the rpc.statd exploit to a Red Hat 6.2 box, are there
> > no places their IP address gets logged? I see the attempts in
> > /var/log/messages, but nothing in any other files align
On Sun, 29 Oct 2000, Brian wrote:
>
> When someone attempts the rpc.statd exploit to a Red Hat 6.2 box, are there
> no places their IP address gets logged? I see the attempts in
> /var/log/messages, but nothing in any other files aligning to an IP
> address.
>
> Brian
>
It depends on your fire
When someone attempts the rpc.statd exploit to a Red Hat 6.2 box, are there
no places their IP address gets logged? I see the attempts in
/var/log/messages, but nothing in any other files aligning to an IP
address.
Brian
---
Brian Feeny, CCNP, CCDP
On Sun, 10 Sep 2000, Jasper Jans wrote:
> Set up ipchains to log all connection attempts to nfs
> that are not coming from your domain - and deny them.
> That should give you what you need.
Be proactive and multilayered in your defense:
Set up ipchains to block *all* traffic and then explicitly
Set up ipchains to log all connection attempts to nfs
that are not coming from your domain - and deny them.
That should give you what you need.
J.
4:37pm up 7 day(s), 23:36, 4 users, load average: 0.01, 0.02, 0.02
On Sat, 9 Sep 2000, Dan Horth wrote:
> hiya - I've been having some script
hiya - I've been having some script kiddies trying to break into our
servers (again) but don't remember seeing messages like this before
in my log files.
What annoys me most about this attempt is that I don't have any
record of where the connection came from, or any other relevant
messages in