From owner-freebsd-security Fri Apr 20 14:31:12 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail.fdma.com (mail.fdma.com [216.241.67.73])
    by hub.freebsd.org (Postfix) with ESMTP id 4596937B43C
    for ; Fri, 20 Apr 2001 14:31:10 -0700 (PDT)
    (envelope-from scheidell@fdma.com)
Received: from MIKELT (mikelt.fdma.lan [192.168.3.5])
    by mail.fdma.com (8.11.3/8.11.3) with SMTP id f3KLUpg57538
    for ; Fri, 20 Apr 2001 17:30:52 -0400 (EDT)
Message-ID: <004e01c0c9e1$2cb1d390$0503a8c0@fdma.com>
From: "Michael Scheidell"
To:
References:
Subject: Re: rpc.statd attack
Date: Fri, 20 Apr 2001 17:30:50 -0400
Organization: Florida Datamation, Inc.
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

"Pär Thoren" wrote in message news:Pine.GSO.4.21.0104202315040.27489-100000@helios...
>
> Ok when I get portscanned...but these guys try to exploit my ass.

Set up ipfw for next round.

I suspect that there is a 'probe' for port 111. Every day this happens 3 or 4 times a day on every system I monitor.

If you want to log them, and automatically have them reported, see www.mynetwatchman.com. There is a perl agent available that will autoupload denies from ipfw logs (cisco logs, sonicwall logs, and bonus: version.bind queries are logged at udp port 53 attacks for you as well).

The freebsd files are not in a ports package (yet), but if someone wants to do it, I have the perl scripts and rc.d/sh startup file available.

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
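An added example, not part of the original message and not the mynetwatchman agent: a small Python summary of denied inbound probes to port 111 taken from ipfw syslog lines, the kind of data the message suggests logging. The log lines, host name, rule numbers and addresses are constructed, and the format is assumed to be the one the FreeBSD kernel writes for ipfw rules that carry the `log` keyword.

```python
import re
from collections import defaultdict

# Constructed sample lines (assumed ipfw "log" rule output); the addresses
# come from documentation ranges and the rule numbers are made up.
SAMPLE_LOG = """\
Apr 20 03:12:44 gw /kernel: ipfw: 500 Deny TCP 198.51.100.7:3121 192.0.2.10:111 in via fxp0
Apr 20 03:12:45 gw /kernel: ipfw: 500 Deny UDP 198.51.100.7:3122 192.0.2.10:111 in via fxp0
Apr 20 09:40:02 gw /kernel: ipfw: 500 Deny TCP 203.0.113.99:4410 192.0.2.11:111 in via fxp0
Apr 20 09:41:17 gw /kernel: ipfw: 600 Deny UDP 203.0.113.50:1029 192.0.2.10:53 in via fxp0
Apr 20 10:02:30 gw /kernel: ipfw: 100 Accept TCP 192.0.2.20:1055 192.0.2.10:22 in via fxp0
Apr 20 17:55:09 gw /kernel: ipfw: 500 Deny TCP 198.51.100.7:3300 192.0.2.11:111 in via fxp0
"""

# rule number, action, protocol, src ip:port, dst ip:port, direction, interface
LINE_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)

def denied_probes(log_text, port=111):
    """Return {source_ip: {"count": n, "targets": set, "protos": set}}
    for inbound packets to `port` that ipfw denied."""
    hits = defaultdict(lambda: {"count": 0, "targets": set(), "protos": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["action"] != "Deny" or m["dir"] != "in":
            continue  # not an ipfw line, or not a blocked inbound packet
        if int(m["dport"]) != port:
            continue
        entry = hits[m["src"]]
        entry["count"] += 1
        entry["targets"].add(m["dst"])
        entry["protos"].add(m["proto"])
    return dict(hits)

def report(hits):
    """One summary line per source address, busiest source first."""
    rows = sorted(hits.items(), key=lambda kv: (-kv[1]["count"], kv[0]))
    return [f"{src} denied={h['count']} hosts={len(h['targets'])} "
            f"proto={','.join(sorted(h['protos']))}" for src, h in rows]

if __name__ == "__main__":
    print("\n".join(report(denied_probes(SAMPLE_LOG))))
```

Passing `port=53` gives the same summary for the denied DNS traffic the message also mentions.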