Re: rpc.statd
On Mon, Apr 09, 2001 at 12:18:50AM +0200, Sander Smeenk (CistroN Medewerker) wrote:
> >
> > > I saw this in my logs today.
> > >
> > > Apr 8 15:08:43 mikado rpc.statd[179]: gethostbyname error for
> > > It looks like statd is still running. Is rpc still vulnerable?
> > > Is there a way to track down who connected to rpc.statd?
Maybe if the rcp.statd is not dedicated to the whole internet you
can use ipchains/iptables to filter the access and logging the
attempt of connection (with the -l flag).
Then with logcheck you will have the report of intrusions.
Regards
a.f.
--
Andrea Fanfani
Era talmente intelligente che, datogli in mano un cubo di Rubik,
riusciva a mangiarlo in 15 secondi netti. (Anonimo)
Reply to:
- References:
- rpc.statd
- From: "Robert Bartels" <rbartels@qx.net>
- Re: rpc.statd
- From: Alexander Hvostov <vulture@aoi.dyndns.org>
- Re: rpc.statd
- From: "Sander Smeenk \(CistroN Medewerker\)" <ssmeenk@cistron.nl>