Date: Thu, 8 Mar 2001 08:08:45 -0800 From: "oldfart@gtonet" <oldfart@gtonet.net> To: <security@freebsd.org> Subject: RE: strange messages Message-ID: <BIEHKEFNHFMMJEKCDMLNCEBBCGAA.oldfart@gtonet.net> In-Reply-To: <20010308164406.A383@nebula.cybercable.fr>
next in thread | previous in thread | raw e-mail | index | archive | help
> -----Original Message----- > From: Maxime Henrion [mailto:mux@qualys.com] > Sent: Thursday, March 08, 2001 7:44 AM > To: security@freebsd.org > Cc: oldfart@gtonet > Subject: Re: strange messages > > > oldfart@gtonet wrote: > > > Linux script kiddie running a Linux rpc.statd exploit on your box that > > > (surprise!) doesn't work on FreeBSD. :-) > > > > No, I don't think so, because I get that error on my NFS server > too and I > > know who's on that box and what they're running (unless this is a remote > > exploit) > It *is* a remote exploit. > > Maxime Fair enough, I've blocked ports 111, 1011 + 1022, which seem to be portmapper(sunrpc) and rpc.stat according to /etc/services and sockstat respectively, at my firewall. If this *is* indeed an attempted exploit I *should* be dropping the packets and logging where it came from if it's not spoofed. If I *do* end up with more of those errors then that should prove it's *not* an exploit attempt, right? Only time will tell, OF > -- > Don't be fooled by cheap finnish imitations ; BSD is the One True Code > Key fingerprint = F9B6 1D5A 4963 331C 88FC CA6A AB50 1EF2 8CBE 99D6 > Public Key : http://www.epita.fr/~henrio_m/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BIEHKEFNHFMMJEKCDMLNCEBBCGAA.oldfart>