From owner-freebsd-security Mon May 25 13:34:26 1998
Return-Path:
Received: (from majordom@localhost)
    by hub.freebsd.org (8.8.8/8.8.8) id NAA29508
    for freebsd-security-outgoing; Mon, 25 May 1998 13:34:26 -0700 (PDT)
    (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from priscilla.mu.org (paul@priscilla.mu.org [206.156.231.1])
    by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA29475
    for ; Mon, 25 May 1998 13:34:19 -0700 (PDT)
    (envelope-from paul@priscilla.mu.org)
Received: (from paul@localhost)
    by priscilla.mu.org (8.8.8/8.8.8) id PAA20156;
    Mon, 25 May 1998 15:33:01 -0500 (CDT)
    (envelope-from paul)
Message-ID: <19980525153301.A20100@mu.org>
Date: Mon, 25 May 1998 15:33:01 -0500
From: Paul Saab
To: Mike Smith
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: possible problem with portmap
References: <19980525123417.A19300@mu.org> <199805251910.MAA13972@antipodes.cdrom.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.91.1i
In-Reply-To: <199805251910.MAA13972@antipodes.cdrom.com>; from Mike Smith on Mon, May 25, 1998 at 12:10:21PM -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk

OK.. I disabled sunrpc (port 111) at the router. Is the worst thing
that could have happened to me just a DoS of portmap-related stuff?
I.e., he could not have gotten root?

Thanks,
Paul

Mike Smith (mike@smith.net.au) wrote:
> > Today I logged into our server and noticed someone sitting on port
> > 111. Are there any known problems with portmap?
>
> Yes.
>
> > this is what I got from netstat..
> > tcp        0      0  tranq1.sunrpc    dialup239-1-15.s.2988  ESTABLISHED
> > tcp        0      0  tranq1.sunrpc    dialup239-1-15.s.2987  ESTABLISHED
>
> Find out who the dialup user is; they're engaged in a portmap-related
> DoS attack on you.
>
> There were changes committed a few days back to address this - it was
> also discussed on BugTraq (with a not inconsiderable degree of hysteria
> it seems).
>
> --
> \\ Sometimes you're ahead,       \\ Mike Smith
> \\ sometimes you're behind.      \\ mike@smith.net.au
> \\ The race is long, and in the  \\ msmith@freebsd.org
> \\ end it's only with yourself.  \\ msmith@cdrom.com
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message