
Re: strange log entry




certainly does smell like some shell code (although some of the other characters look like an Asian character set being misinterpreted). Best bet is to set up some IPChains/Tables rules with a Default-Deny stance and then allow in from the outside only the very minimal required based on your security policy. I've got a few machines which require the rpc stuff (along with some other unsafe protocols). I disallow external connections (incoming *and* outgoing - with logging) while allowing the internal soft chewy center machines to communicate freely.

At 03:30 AM 5/24/2001 -0300, Peter Cordes wrote:
On Wed, May 23, 2001 at 10:58:43PM -0700, Wade Richards wrote:
> Yep, it's a security problem.  Someone is trying to hack into your system
> using one of many known security bugs in the rpc daemon.
>
> If you don't need the rpc stuff running, then just disable it (better yet,
> uninstall it).  If you really do need it running, but it's only used
> locally, then I suggest you use ipchains to drop any packets targeted to
> port 111.   But best is to simply remove it entirely.

 That only blocks portmap.  Other UDP services can be found with a UDP port
scan by e.g. nmap.

--
#define X(x,y) x##y
Peter Cordes ;  e-mail: X(peter@llama.nslug. , ns.ca)

"The gods confound the man who first found out how to distinguish the hours!
 Confound him, too, who in this place set up a sundial, to cut and hack
 my day so wretchedly into small pieces!" -- Plautus, 200 BCE


--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

--
Eric N. Valor
Webmeister/Inetservices
Lutris Technologies
eric.valor@lutris.com

- This Space Intentionally Left Blank -
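
An added example, not part of the original thread: a default-deny iptables ruleset for a host that must keep RPC running, as described in the reply above. Because the chain policies drop everything not explicitly allowed, it also covers the dynamically assigned RPC ports that a port-111-only block misses. The internal network value, the function name and the log prefixes are assumptions.

```shell
#!/bin/sh
# Added example: default-deny policy for a host that must run RPC services.
# INTERNAL_NET is an assumed value; set it to your own trusted LAN.
INTERNAL_NET="${INTERNAL_NET:-192.168.1.0/24}"

# Print an iptables-restore ruleset that trusts only the given IPv4 CIDR.
# (rpc_host_ruleset is a name made up for this example.)
rpc_host_ruleset() {
    net="$1"
    # Reject anything that is not a plain IPv4 CIDR, and reject /0, so a
    # typo cannot silently produce a ruleset that trusts every address.
    case "$net" in
        ""|*[!0-9./]*|*/*/*|*/0) echo "bad network: $net" >&2; return 1 ;;
        */*) ;;
        *) echo "bad network: $net" >&2; return 1 ;;
    esac
    cat <<EOF
*filter
# Default-deny: anything not accepted below is dropped by chain policy.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Local RPC clients reach portmap over loopback.
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Internal machines talk freely, on port 111 and on dynamic RPC ports.
-A INPUT -s $net -j ACCEPT
-A OUTPUT -d $net -j ACCEPT
# Everything else is external: log it (rate limited), then the policy drops it.
-A INPUT -m limit --limit 6/min -j LOG --log-prefix "ext-in-deny: "
-A OUTPUT -m limit --limit 6/min -j LOG --log-prefix "ext-out-deny: "
COMMIT
EOF
}

# Load with: rpc_host_ruleset "$INTERNAL_NET" | iptables-restore
```

Running the output through `iptables-restore --test` parses the rules without committing them.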


