Date: Thu, 17 May 2001 14:07:43 -0500
From: Christopher Schulte <christopher@schulte.org>
To: anderson@centtech.com, Bill Mitcheson <turtle@pyramus.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: New info on our Port 1023 problem.
Message-ID: <5.1.0.14.0.20010517140530.034218f8@pop.schulte.org>
In-Reply-To: <3B042079.AC957064@centtech.com>
References: <Pine.BSF.4.21.0105171414450.12195-100000@mail.wlcg.com> <3B042085.39247322@pyramus.com>

Don't forget /var/yp/securenets

man ypserv(8) will help you.

If NIS is not used, kill it. In any event, do a full service audit and turn off all unused services. This is a basic sysadmin principle.

At 02:03 PM 5/17/2001 -0500, Eric Anderson wrote:
>It's typically pretty insecure. If you aren't running NIS/YP on your
>machines, you can get rid of it. If you do need it, you should be
>filtering it with ipfw or ipfilter.
>
>Eric
>
>
>
>Bill Mitcheson wrote:
> >
> > I ran sockstat and came up with the following:
> >
> > root ypserv 117 5 tcp *.1023 *.*
> >
> > Ypserv was also running on a couple of other ports as UDP instead of TCP. Is
> > this bad?
> >
> > Rob Simmons wrote:
> >
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: RIPEMD160
> > >
> > > Were you running any services on that port? The command "sockstat" should
> > > tell you if there is anything listening on that port. If there is nothing
> > > listening on the port, you don't have to worry about them poking at that
> > > port.
> > >
> > > Robert Simmons
> > > Systems Administrator
> > > http://www.wlcg.com/
> > >
> > > On Thu, 17 May 2001, Bill Mitcheson wrote:
> > >
> > > > We noticed unauthorized activity yesterday. After investigating we found
> > > > that there was someone coming in from Asia and they were trying to
> > > > access port 1023. I could not find much info on that port and was
> > > > wondering if anyone knows of that port, what common attacks to that port
> > > > are, and how to stop future attacks?
> > > >
> > > > Bill Mitcheson.
> > > > Network Administrator,
> > > > Pyramus Online.
> > > >
> > > >
> > > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > > with "unsubscribe freebsd-security" in the body of the message
> > > >
> > > -----BEGIN PGP SIGNATURE-----
> > > Version: GnuPG v1.0.5 (FreeBSD)
> > > Comment: For info see http://www.gnupg.org
> > >
> > > iD8DBQE7BBXQv8Bofna59hYRAwgNAJ0WjqRSOsNgHibg59s7JJjPOovwAACeNExx
> > > xntXYcmqMvzu6ER22/biI5I=
> > > =WrEW
> > > -----END PGP SIGNATURE-----
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
>
>--
>-------------------------------------------------------------------------------
>Eric Anderson anderson@centtech.com Centaur Technology (512) 418-5792
>The idea is to die young as late as possible.
>-------------------------------------------------------------------------------

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
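
The service audit recommended in this message can be scripted. The following is an added example, not part of the original thread: it filters sockstat output for sockets bound to the wildcard address by daemons outside an allowlist. The ALLOWED list and every sample line except the ypserv TCP line quoted in the thread are constructed, and the filter accepts both the `*.1023` address form shown in the thread and the `*:1023` form.

```shell
#!/bin/sh
# Added example: flag wildcard listeners that are not on an allowlist.
# ALLOWED is a hypothetical list of daemons this host is meant to expose.
ALLOWED="sshd sendmail"

# Reads sockstat lines on stdin (USER COMMAND PID FD PROTO LOCAL FOREIGN)
# and prints "command proto port" for each socket that is bound to the
# wildcard address, has no peer, and belongs to a command not in ALLOWED.
audit_listeners() {
    awk -v allowed="$ALLOWED" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "USER" { next }      # column header
        NF < 7       { next }      # malformed or truncated line
        # Local address "*.1023" or "*:1023", foreign address "*.*" or "*:*".
        $6 ~ /^\*[.:][0-9]+$/ && $7 ~ /^\*[.:]\*$/ && !($2 in ok) {
            port = $6
            sub(/^\*[.:]/, "", port)
            print $2, $5, port
        }
    ' | sort -u
}

# Constructed sample input. Only the ypserv tcp line comes from the thread.
sample_sockstat() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS    FOREIGN ADDRESS
root     ypserv     117    5 tcp    *.1023           *.*
root     ypserv     117    4 udp    *.1022           *.*
root     sshd       101    3 tcp    *.22             *.*
root     sendmail   140    4 tcp    127.0.0.1.25     *.*
daemon   portmap     98    3 udp    *.111            *.*
EOF
}

# On a live host, pipe real output instead: sockstat | audit_listeners
sample_sockstat | audit_listeners
```

Each reported daemon is either disabled if unused or, as the thread suggests for ypserv, restricted with /var/yp/securenets and a packet filter.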