From owner-freebsd-security  Fri Mar  9 16: 3: 8 2001
Delivered-To: freebsd-security@freebsd.org
Received: from grok.example.net (a0g1355ly34tj.bc.hsia.telus.net [216.232.252.235])
	by hub.freebsd.org (Postfix) with ESMTP id E98DC37B718
	for <freebsd-security@FreeBSD.ORG>; Fri,  9 Mar 2001 16:03:06 -0800 (PST)
	(envelope-from sreid@sea-to-sky.net)
Received: by grok.example.net (Postfix, from userid 1000)
	id 2421721334A; Fri,  9 Mar 2001 16:02:19 -0800 (PST)
Date: Fri, 9 Mar 2001 16:02:18 -0800
From: Steve Reid <sreid@sea-to-sky.net>
To: Will Mitayai Keeso Rowe <mit@mitayai.net>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: strange messages
Message-ID: <20010309160218.A3423@grok.bc.hsia.telus.net>
References: <200103081428.GAA02075@uno.tksoft.com> <NEBBIEGPMLMKDBMMICFNIEIPELAA.mit@mitayai.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.4i
In-Reply-To: <NEBBIEGPMLMKDBMMICFNIEIPELAA.mit@mitayai.net>; from Will Mitayai Keeso Rowe on Thu, Mar 08, 2001 at 09:33:30AM -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, Mar 08, 2001 at 09:33:30AM -0500, Will Mitayai Keeso Rowe wrote:
> But, i still have a question... how can i better log attempts to hack my
> machine's rpc.statd? It would be nice to have an IP of the connecting box so
> i can see if they are doing it remotely or by an account on my machine.

I believe Snort will detect this and many other things. That's exactly
what IDS'es are for.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message