Re: strange log entry
certainly does smell like some shell code (although some of the other
characters look like an Asian character set being misinterpreted). Best
bet is to set up some IPChains/Tables rules with a Default-Deny stance and
then allow in from the outside only the very minimal required based on your
security policy. I've got a few machines which require the rpc stuff
(along with some other unsafe protocols). I disallow external connections
(incoming *and* outgoing - with logging) while allowing the internal soft
chewy center machines to communicate freely.
At 03:30 AM 5/24/2001 -0300, Peter Cordes wrote:
On Wed, May 23, 2001 at 10:58:43PM -0700, Wade Richards wrote:
> Yep, it's a security problem. Someone is trying to hack into your system
> using one of many known security bugs in the rpc daemon.
> If you don't need the rpc stuff running, then just disable it (better yet,
> uninstall it). If you really do need it running, but it's only used
> locally, then I suggest you use ipchains to drop any packets targeted to
> port 111. But best is to simply remove it entirely.
That only blocks portmap. Other UDP services can be found with a UDP port
scan by e.g. nmap.
#define X(x,y) x##y
Peter Cordes ; e-mail: X(email@example.com. , ns.ca)
"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in this place set up a sundial, to cut and hack
my day so wretchedly into small pieces!" -- Plautus, 200 BCE
Eric N. Valor
- This Space Intentionally Left Blank -
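
The default-deny stance described in the reply above, sketched as an added example that is not part of the original thread or written by any of its participants: a script that prints an iptables-restore ruleset which lets the internal network talk freely, admits only a minimal list of services from outside, and logs everything else crossing the external interface. The interface names, the LAN range and SSH as the only externally offered service are assumptions.

```shell
#!/bin/sh
# Added example: prints a default-deny ruleset in iptables-restore format.
# It changes nothing by itself; review the output, then check it as root with
#   sh default-deny.sh | iptables-restore --test
# Assumed values (not from the thread): interface names, LAN range, and
# SSH as the only service offered to the outside.
EXT_IF="${EXT_IF:-eth0}"             # outside-facing interface
INT_IF="${INT_IF:-eth1}"             # internal interface
INT_NET="${INT_NET:-192.168.1.0/24}" # internal network
ALLOW_TCP_IN="${ALLOW_TCP_IN:-22}"   # space-separated TCP ports open to outside

gen_rules() {
    echo '*filter'
    # Default-deny: anything not matched by a rule below is dropped.
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT DROP [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A OUTPUT -o lo -j ACCEPT'
    # Internal machines communicate freely (portmap/RPC included).
    echo "-A INPUT -i $INT_IF -s $INT_NET -j ACCEPT"
    echo "-A OUTPUT -o $INT_IF -d $INT_NET -j ACCEPT"
    # The minimal set of services reachable from outside, plus their replies.
    for port in $ALLOW_TCP_IN; do
        echo "-A INPUT -i $EXT_IF -p tcp --dport $port -j ACCEPT"
    done
    echo "-A OUTPUT -o $EXT_IF -m conntrack --ctstate ESTABLISHED -j ACCEPT"
    # Everything else crossing the external interface, in either direction,
    # is logged (rate-limited) and then falls through to the DROP policy.
    echo "-A INPUT -i $EXT_IF -m limit --limit 6/min -j LOG --log-prefix \"ext-in-deny: \""
    echo "-A OUTPUT -o $EXT_IF -m limit --limit 6/min -j LOG --log-prefix \"ext-out-deny: \""
    echo 'COMMIT'
}

gen_rules
```

Because no rule names port 111, portmap and every other RPC service on an unpredictable port are unreachable from outside without having to be listed one by one.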