From owner-freebsd-security Thu Mar 8 9:40:25 2001 Delivered-To: freebsd-security@freebsd.org Received: from homer.softweyr.com (bsdconspiracy.net [208.187.122.220]) by hub.freebsd.org (Postfix) with ESMTP id C0C0337B71B for ; Thu, 8 Mar 2001 09:40:05 -0800 (PST) (envelope-from wes@softweyr.com) Received: from [127.0.0.1] (helo=softweyr.com ident=Fools trust ident!) by homer.softweyr.com with esmtp (Exim 3.16 #1) id 14b4NI-0000AL-00; Thu, 08 Mar 2001 10:38:52 -0700 Message-ID: <3AA7C3AC.42537D68@softweyr.com> Date: Thu, 08 Mar 2001 10:38:52 -0700 From: Wes Peters Organization: Softweyr LLC X-Mailer: Mozilla 4.75 [en] (X11; U; Linux 2.2.12 i386) X-Accept-Language: en MIME-Version: 1.0 To: Will Andrews Cc: Will Mitayai Keeso Rowe , tjk@tksoft.com, Will Mitayai Keeso Rowe , freebsd-security@FreeBSD.ORG Subject: Re: strange messages References: <200103081428.GAA02075@uno.tksoft.com> <20010308094055.L45561@ohm.physics.purdue.edu> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Will Andrews wrote: > > On Thu, Mar 08, 2001 at 09:33:30AM -0500, Will Mitayai Keeso Rowe wrote: > > Acording to CERT (the latest statd message seems to be > > http://www.kb.cert.org/vuls/id/34043) > > FreeBSD is not vulnerable to rpc.statd problems. > > > > But, i still have a question... how can i better log attempts to hack my > > machine's rpc.statd? It would be nice to have an IP of the connecting box so > > i can see if they are doing it remotely or by an account on my machine. > > Tcpwrappers or ipfw? What good is this information? ipfilter + ipmon. You can use this information to track down their ISP and get their account pulled, working up the chain if you have to. -- "Where am I, and what am I doing in this handbasket?" Wes Peters Softweyr LLC wes@softweyr.com http://softweyr.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message