Re: Suspicious behavior: cracked or just a dying machine?

To: debian-user@lists.debian.org
Subject: Re: Suspicious behavior: cracked or just a dying machine?
From: Craig Dickson <crdic@yahoo.com>
Date: Wed, 15 Aug 2001 10:22:35 -0700
Message-id: <[🔎] 20010815102235.A2447@crdic.ath.cx>
In-reply-to: <[🔎] 997891431.6345.26.camel@forum>
References: <[🔎] 5.1.0.14.0.20010815130042.02515cb0@mercurio> <[🔎] 997891431.6345.26.camel@forum>

Michael Heldebrant wrote:

> Protect your portmapper with /etc/hosts.deny and /etc/hosts.allow and
> you won't get these buffer overflow attacks squatting in your syslogs
> anymore.  I only allow 127.0.0.1 and my internal networks to touch the
> portmapper.  Everyone else no access, stopped me from getting those
> attacks.

My solution was simply to uninstall portmap. I couldn't figure out what
I could possibly need it for. I haven't observed any problems resulting
from this.

My standard theory is that if I see that my machine is listening on a
port, I figure out why, and if I can't figure out why I should want it
to do that, I get rid of the service or disable its listening feature.
If I only want it for my own use, I block that port at my firewall _and_
configure the service to accept only in-house IPs (_not_ including the
firewall) or 127.0.0.1 as appropriate.

Craig

Reply to:

Follow-Ups:
- Re: Suspicious behavior: cracked or just a dying machine?
  - From: Michael Heldebrant <hmike@portalofevil.com>

References:
- Re: Suspicious behavior: cracked or just a dying machine?
  - From: Miguel Griffa <mgriffa@technisys.net>
- Re: Suspicious behavior: cracked or just a dying machine?
  - From: Michael Heldebrant <hmike@portalofevil.com>

Prev by Date: Re: debian-user-digest Digest V101 #1132
Next by Date: Re: Netscape as root, sndconfig
Previous by thread: Re: Suspicious behavior: cracked or just a dying machine?
Next by thread: Re: Suspicious behavior: cracked or just a dying machine?
Index(es):
- Date
- Thread