Re: strange log entry

To: debian-security@lists.debian.org
Subject: Re: strange log entry
From: Peter Cordes <peter@llama.nslug.ns.ca>
Date: Thu, 24 May 2001 03:30:54 -0300
Message-id: <20010524033053.G14933@llama.nslug.ns.ca>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <E152o8x-0002tC-00@coffee.dyndns.org>; from wrichard@direct.ca on Wed, May 23, 2001 at 10:58:43PM -0700
References: <200105240507.PAA17435@new-smtp1.ihug.com.au> <E152o8x-0002tC-00@coffee.dyndns.org>

On Wed, May 23, 2001 at 10:58:43PM -0700, Wade Richards wrote:
> Yep, it's a security problem.  Someone is trying to hack into your system 
> using one of many known security bugs in the rpc daemon.
> 
> If you don't need the rpc stuff running, then just disable it (better yet, 
> uninstall it).  If you really do need it running, but it's only used 
> locally, then I suggest you use ipchains to drop any packets targeted to 
> port 111.   But best is to simply remove it entirely.

 That only blocks portmap.  Other UDP services can be found with a UDP port
scan by e.g. nmap.

-- 
#define X(x,y) x##y
Peter Cordes ;  e-mail: X(peter@llama.nslug. , ns.ca)

"The gods confound the man who first found out how to distinguish the hours!
 Confound him, too, who in this place set up a sundial, to cut and hack
 my day so wretchedly into small pieces!" -- Plautus, 200 BCE

Reply to:

Follow-Ups:
- Re: strange log entry
  - From: "Eric N. Valor" <eric.valor@lutris.com>

References:
- strange log entry
  - From: trev26@ihug.com.au
- Re: strange log entry
  - From: Wade Richards <wrichard@direct.ca>

Prev by Date: Re: strange log entry
Next by Date: Re: strange log entry
Previous by thread: Re: strange log entry
Next by thread: Re: strange log entry
Index(es):
- Date
- Thread