Date: Thu, 08 Mar 2001 10:38:52 -0700 From: Wes Peters <wes@softweyr.com> To: Will Andrews <will@physics.purdue.edu> Cc: Will Mitayai Keeso Rowe <mit@mitayai.net>, tjk@tksoft.com, Will Mitayai Keeso Rowe <mitayai@dreaming.org>, freebsd-security@FreeBSD.ORG Subject: Re: strange messages Message-ID: <3AA7C3AC.42537D68@softweyr.com> References: <200103081428.GAA02075@uno.tksoft.com> <NEBBIEGPMLMKDBMMICFNIEIPELAA.mit@mitayai.net> <20010308094055.L45561@ohm.physics.purdue.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
Will Andrews wrote: > > On Thu, Mar 08, 2001 at 09:33:30AM -0500, Will Mitayai Keeso Rowe wrote: > > Acording to CERT (the latest statd message seems to be > > http://www.kb.cert.org/vuls/id/34043) > > FreeBSD is not vulnerable to rpc.statd problems. > > > > But, i still have a question... how can i better log attempts to hack my > > machine's rpc.statd? It would be nice to have an IP of the connecting box so > > i can see if they are doing it remotely or by an account on my machine. > > Tcpwrappers or ipfw? What good is this information? ipfilter + ipmon. You can use this information to track down their ISP and get their account pulled, working up the chain if you have to. -- "Where am I, and what am I doing in this handbasket?" Wes Peters Softweyr LLC wes@softweyr.com http://softweyr.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3AA7C3AC.42537D68>