From owner-freebsd-security Mon May 25 13:14:29 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id NAA26275 for freebsd-security-outgoing; Mon, 25 May 1998 13:14:29 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from antipodes.cdrom.com (castles348.castles.com [208.214.167.48]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA26268 for ; Mon, 25 May 1998 13:14:24 -0700 (PDT) (envelope-from mike@antipodes.cdrom.com) Received: from antipodes.cdrom.com (localhost [127.0.0.1]) by antipodes.cdrom.com (8.8.8/8.8.5) with ESMTP id MAA13972; Mon, 25 May 1998 12:10:21 -0700 (PDT) Message-Id: <199805251910.MAA13972@antipodes.cdrom.com> X-Mailer: exmh version 2.0zeta 7/24/97 To: Paul Saab cc: freebsd-security@FreeBSD.ORG Subject: Re: possible problem with portmap In-reply-to: Your message of "Mon, 25 May 1998 12:34:17 CDT." <19980525123417.A19300@mu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Mon, 25 May 1998 12:10:21 -0700 From: Mike Smith Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk > Today I logged into our server and noticed someone sitting on port > 111. Are there any known problems with portmap? Yes. > this is what I got from netstat.. > tcp 0 0 tranq1.sunrpc dialup239-1-15.s.2988 ESTABLISHED > tcp 0 0 tranq1.sunrpc dialup239-1-15.s.2987 ESTABLISHED Find out who the dialup user is; they're engaged in a portmap-related DoS attack on you. There were changes committed a few days back to address this - it was also discussed on BugTraq (with a not inconsiderable degree of hysteria it seems). -- \\ Sometimes you're ahead, \\ Mike Smith \\ sometimes you're behind. \\ mike@smith.net.au \\ The race is long, and in the \\ msmith@freebsd.org \\ end it's only with yourself. \\ msmith@cdrom.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message