From owner-freebsd-security Thu Mar 8 6:41:39 2001 Delivered-To: freebsd-security@freebsd.org Received: from castle.dreaming.org (castle.dreaming.org [216.221.214.170]) by hub.freebsd.org (Postfix) with ESMTP id 13BCE37B718 for ; Thu, 8 Mar 2001 06:41:25 -0800 (PST) (envelope-from mit@mitayai.net) Received: from cr592943a (host-177.creativehouse.maxlink.com [216.221.214.177]) by castle.dreaming.org (8.11.2/8.11.2) with SMTP id f28EfM007157; Thu, 8 Mar 2001 09:41:22 -0500 (EST) (envelope-from mit@mitayai.net) From: "Will Mitayai Keeso Rowe" To: "Will Andrews" Cc: , "Will Mitayai Keeso Rowe" , Subject: RE: strange messages Date: Thu, 8 Mar 2001 09:38:46 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: <20010308094055.L45561@ohm.physics.purdue.edu> X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Importance: Normal Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org if someone was trying to exploit your machine, wouldn't you want to know where they were doing it from, especially wrt inside or outside the network? :-----Original Message----- :From: Will Andrews [mailto:will@physics.purdue.edu] :Sent: March 8, 2001 09:41 AM :To: Will Mitayai Keeso Rowe :Cc: tjk@tksoft.com; Will Mitayai Keeso Rowe; will@physics.purdue.edu; :freebsd-security@FreeBSD.ORG :Subject: Re: strange messages : : :On Thu, Mar 08, 2001 at 09:33:30AM -0500, Will Mitayai Keeso Rowe wrote: :> Acording to CERT (the latest statd message seems to be :> http://www.kb.cert.org/vuls/id/34043) :> FreeBSD is not vulnerable to rpc.statd problems. :> :> But, i still have a question... how can i better log attempts to hack my :> machine's rpc.statd? It would be nice to have an IP of the :connecting box so :> i can see if they are doing it remotely or by an account on my machine. : :Tcpwrappers or ipfw? What good is this information? : :-- :wca : To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message