Date: Fri, 20 Apr 2001 21:01:59 -0500 (EST) From: Mike Squires <mikes@ct980320-b.blmngtn1.in.home.com> To: jgrosch@mooseriver.com Cc: freebsd-security@freebsd.org Subject: Re: rpc.statd attack Message-ID: <200104210201.f3L21xf14241@ct980320-b.blmngtn1.in.home.com> In-Reply-To: <20010420143734.A79887@mooseriver.com> "from Josef Grosch at Apr 20, 2001 02:37:35 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
> I saw a couple of these in my log files last night. I also would like to > find out what the IP of these bozos is. I'd like to let their ISP know that > these guys need to be spank pretty hard. I get them all the time; I assume they are varients of the Ramen attack. I use snort 1.7 to track the alleged incoming IP numbers; a few ISP's have reported back to me that in fact they found hacked LINUX boxes at the indicated address. (snort 1.7 from ports, plus snortsnarf from www.snort.org to put the logs into a quickly readable format). MLS To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200104210201.f3L21xf14241>