[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: rpc.statd

On Mon, Apr 09, 2001 at 12:18:50AM +0200, Sander Smeenk (CistroN Medewerker) wrote:
> > 
> > > I saw this in my logs today.
> > > 
> > > Apr  8 15:08:43 mikado rpc.statd[179]: gethostbyname error for
> > > It looks like statd is still running. Is rpc still vulnerable? 
> > > Is there a way to track down who connected to rpc.statd?

Maybe if the rcp.statd is not dedicated to the whole internet you
can use ipchains/iptables to filter the access and logging the
attempt of connection (with the -l flag).

Then with logcheck you will have the report of intrusions.

Andrea Fanfani 
Era  talmente intelligente  che, datogli  in  mano un  cubo di  Rubik,
riusciva a mangiarlo in 15 secondi netti. (Anonimo)

Reply to: