Date: Fri, 16 Feb 2001 16:24:07 +0200 From: Peter Pentchev <roam@orbitel.bg> To: Artem Koutchine <matrix@ipform.ru> Cc: questions@FreeBSD.ORG, security@FreeBSD.ORG Subject: Re: rpc.statd attack Message-ID: <20010216162407.D474@ringworld.oblivion.bg> In-Reply-To: <004201c09823$1a423dc0$0c00a8c0@ipform.ru>; from matrix@ipform.ru on Fri, Feb 16, 2001 at 05:16:47PM %2B0300 References: <004201c09823$1a423dc0$0c00a8c0@ipform.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Feb 16, 2001 at 05:16:47PM +0300, Artem Koutchine wrote:
> Hi!
>
> I am regulary getting this:
>
[snip (unsuccessful, useless against fbsd) attack log]
>
> What port should i close or log to detect the connection? I am sure
> this is a script
> kiddie, so no IP spoffing or anything tricky is envolved. I'd like log
> it with ipfw and
> kick that junkie butt. So, what port is it or as always with RPC it is
> a tricky business?
If you consider rpcinfo -p | egrep -e 'udp.*status$' | awk '{print $4}'
to be a tricky business, then yes, it is a tricky business ;)
G'luck,
Peter
--
When you are not looking at it, this sentence is in Spanish.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010216162407.D474>