Re: rpc.statd
Quoting Alexander Hvostov (vulture@aoi.dyndns.org):
> On Sun, 8 Apr 2001 18:04:54 -0400
> "Robert Bartels" <rbartels@qx.net> wrote:
>
> > I saw this in my logs today.
> >
> > Apr 8 15:08:43 mikado rpc.statd[179]: gethostbyname error for
> > It looks like statd is still running. Is rpc still vulnerable?
> > Is there a way to track down who connected to rpc.statd?
Try installing iploggers (tcplogd, icmplogd), these tools report the
IP address of the user connecting to your system...
You'll get messages like:
Apr 9 00:17:57 recalcitrant tcplogd: smtp connection attempt from
recalcitrant [127.0.0.1]
Hope that helps tracking evil users :]
Regards,
Sander.
--
| He who laughs last is probably your boss.
| Cistron Internet: php/c/perl/html/c++/sed/awk/linux/sql/cgi/security
| 1024D/08CEC94D - 34B3 3314 B146 E13C 70C8 9BDB D463 7E41 08CE C94D
Reply to:
- References:
- rpc.statd
- From: "Robert Bartels" <rbartels@qx.net>
- Re: rpc.statd
- From: Alexander Hvostov <vulture@aoi.dyndns.org>