Re: rpc.statd

To: debian-security@lists.debian.org
Subject: Re: rpc.statd
From: andrea@debian.org
Date: Mon, 9 Apr 2001 00:23:06 +0200
Message-id: <20010409002306.I616@localhost>
In-reply-to: <20010409001850.A10372@cistron.nl>; from ssmeenk@cistron.nl on Mon, Apr 09, 2001 at 12:18:50AM +0200
References: <MGEDJOMNEECFEHABEGMFCEOMCKAA.rbartels@qx.net> <20010408154620.48dd8024.vulture@aoi.dyndns.org> <20010409001850.A10372@cistron.nl>

On Mon, Apr 09, 2001 at 12:18:50AM +0200, Sander Smeenk (CistroN Medewerker) wrote:
> > 
> > > I saw this in my logs today.
> > > 
> > > Apr  8 15:08:43 mikado rpc.statd[179]: gethostbyname error for
> > > It looks like statd is still running. Is rpc still vulnerable? 
> > > Is there a way to track down who connected to rpc.statd?

Maybe if the rcp.statd is not dedicated to the whole internet you
can use ipchains/iptables to filter the access and logging the
attempt of connection (with the -l flag).

Then with logcheck you will have the report of intrusions.

Regards
a.f.
-- 
Andrea Fanfani 
Era  talmente intelligente  che, datogli  in  mano un  cubo di  Rubik,
riusciva a mangiarlo in 15 secondi netti. (Anonimo)

Reply to:

Follow-Ups:
- Re: rpc.statd
  - From: Ethan Benson <erbenson@alaska.net>

References:
- rpc.statd
  - From: "Robert Bartels" <rbartels@qx.net>
- Re: rpc.statd
  - From: Alexander Hvostov <vulture@aoi.dyndns.org>
- Re: rpc.statd
  - From: "Sander Smeenk \(CistroN Medewerker\)" <ssmeenk@cistron.nl>

Prev by Date: Re: rpc.statd
Next by Date: Re: rpc.statd
Previous by thread: Re: rpc.statd
Next by thread: Re: rpc.statd
Index(es):
- Date
- Thread