From owner-freebsd-security Sun Apr 22 11: 5: 7 2001 Delivered-To: freebsd-security@freebsd.org Received: from obelix.rby.hk-r.se (obelix.rby.hk-r.se [194.47.134.4]) by hub.freebsd.org (Postfix) with ESMTP id 06A5D37B424 for ; Sun, 22 Apr 2001 11:05:04 -0700 (PDT) (envelope-from t98pth@student.bth.se) Received: from helios.kna.hk-r.se (helios [194.47.153.5]) by obelix.rby.hk-r.se (8.10.2/8.10.2) with ESMTP id f3MI52M23078; Sun, 22 Apr 2001 20:05:02 +0200 (MEST) Received: from localhost (t98pth@localhost) by helios.kna.hk-r.se (8.9.3+Sun/8.9.3) with ESMTP id UAA01429; Sun, 22 Apr 2001 20:05:40 +0200 (MEST) X-Authentication-Warning: helios.kna.hk-r.se: t98pth owned process doing -bs Date: Sun, 22 Apr 2001 20:05:40 +0200 (MEST) From: =?ISO-8859-1?Q?P=E4r_Thoren?= X-Sender: t98pth@helios To: Dag-Erling Smorgrav Cc: freebsd-security@freebsd.org Subject: Re: rpc.statd attack In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=ISO-8859-1 Content-Transfer-Encoding: QUOTED-PRINTABLE Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org yes..I=B4ve added ipfw rules now. But the question was if rpc.statd logged the ip of the attacker.=20 I use ipfw to log it now. On 22 Apr 2001, Dag-Erling Smorgrav wrote: > P=E4r Thoren writes: > > Ok when I get portscanned...but these guys tries to exploit my ass. >=20 > Why is rpc.statd running? If you really need it (for NFS on your LAN, > I presume), why isn't portmap or rpcbind firewalled off so only local > hosts can access it? >=20 > DES > --=20 > Dag-Erling Smorgrav - des@ofug.org >=20 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message