Re: Suspicious behavior: cracked or just a dying machine?
Michael Heldebrant wrote:
> Protect your portmapper with /etc/hosts.deny and /etc/hosts.allow and
> you won't get these buffer overflow attacks squatting in your syslogs
> anymore. I only allow 127.0.0.1 and my internal networks to touch the
> portmapper. Everyone else no access, stopped me from getting those
> attacks.

My solution was simply to uninstall portmap. I couldn't figure out what
I could possibly need it for. I haven't observed any problems resulting
from this.

My standard theory is that if I see that my machine is listening on a
port, I figure out why, and if I can't figure out why I should want it
to do that, I get rid of the service or disable its listening feature.
If I only want it for my own use, I block that port at my firewall _and_
configure the service to accept only in-house IPs (_not_ including the
firewall) or 127.0.0.1 as appropriate.

Craig
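
The listening-port review described in the message above, as an added example that is not part of the original post: it reads socket listings in the `ss -H -tuln` layout (iproute2) and prints every listener reachable from off-host whose port has no recorded reason. The function name `unexplained_listeners`, the approved-port arguments and the sample listing are all constructed for illustration.

```shell
#!/bin/sh
# Added example: report listeners that are reachable from the network and
# that nobody has accounted for.
# Input (stdin): lines in `ss -H -tuln` layout, local address in column 5.
# Arguments: ports you have a documented reason to expose (hypothetical list).
unexplained_listeners() {
    awk -v approved="$*" '
    BEGIN {
        n = split(approved, a, " ")
        for (i = 1; i <= n; i++) ok[a[i]] = 1
    }
    {
        proto = $1; laddr = $5
        # The port is everything after the last colon; the rest is the address.
        port = laddr; sub(/^.*:/, "", port)
        addr = substr(laddr, 1, length(laddr) - length(port) - 1)
        sub(/%.*$/, "", addr)          # drop an interface suffix such as %lo
        # Loopback-only listeners cannot be reached from other hosts.
        if (addr ~ /^127\./ || addr == "[::1]") next
        # Ports with a known reason are accepted.
        if (port in ok) next
        print proto, port, addr
    }'
}

# Constructed sample in `ss -H -tuln` layout (not captured from a real host).
SAMPLE='udp   UNCONN 0 0    0.0.0.0:111      0.0.0.0:*
tcp   LISTEN 0 128  0.0.0.0:111      0.0.0.0:*
tcp   LISTEN 0 128  0.0.0.0:22       0.0.0.0:*
tcp   LISTEN 0 5    127.0.0.1:631    0.0.0.0:*
tcp   LISTEN 0 128  127.0.0.53%lo:53 0.0.0.0:*
tcp   LISTEN 0 128  [::]:22          [::]:*
tcp   LISTEN 0 128  [::1]:631        [::]:*'

# Only port 22 has a known reason here, so both portmap sockets (111) are listed.
printf '%s\n' "$SAMPLE" | unexplained_listeners 22
# On a live host: ss -H -tuln | unexplained_listeners 22
```

Each line it prints is a candidate for one of the three outcomes in the message: remove the service, rebind it to 127.0.0.1, or restrict it to in-house addresses and block it at the firewall.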