Date: Mon, 4 Jun 2001 10:14:20 -0500 (EST) From: Mike Squires <mikes@ct980320-b.blmngtn1.in.home.com> To: Josh Thomas <jdt2101@ksu.edu> Cc: freebsd-security@freebsd.org Subject: Re: rpc.statd attack before ipfw activated Message-ID: <200106041514.f54FEKL18615@ct980320-b.blmngtn1.in.home.com> In-Reply-To: <Pine.GSO.4.21L.0106040126530.3155-100000@unix1.cc.ksu.edu> "from Josh Thomas at Jun 4, 2001 01:30:42 am"
next in thread | previous in thread | raw e-mail | index | archive | help
I think this is the LINUX Ramen/Lion/Adore worm in action. The NOPs are always preceded by a check for rpc.statd services. snort will detect these. I use snortsnarf with snort; snortsnarf gives you Web lookups for the attacks. 4.3-STABLE isn't vulnerable, as far as I know. MLS To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200106041514.f54FEKL18615>