[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: rpc.statd

Quoting Alexander Hvostov (vulture@aoi.dyndns.org):
> On Sun, 8 Apr 2001 18:04:54 -0400
> "Robert Bartels" <rbartels@qx.net> wrote:
> > I saw this in my logs today.
> > 
> > Apr  8 15:08:43 mikado rpc.statd[179]: gethostbyname error for
> > It looks like statd is still running. Is rpc still vulnerable? 
> > Is there a way to track down who connected to rpc.statd?

Try installing iploggers (tcplogd, icmplogd), these tools report the 
IP address of the user connecting to your system... 

You'll get messages like:

Apr  9 00:17:57 recalcitrant tcplogd: smtp connection attempt from 
                                      recalcitrant []

Hope that helps tracking evil users :]


| He who laughs last is probably your boss.
| Cistron Internet: php/c/perl/html/c++/sed/awk/linux/sql/cgi/security
| 1024D/08CEC94D - 34B3 3314 B146 E13C 70C8  9BDB D463 7E41 08CE C94D

Reply to: