From owner-freebsd-questions Mon Apr 23 14:54: 4 2001 Delivered-To: freebsd-questions@freebsd.org Received: from tethys.valhalla.net (tethys.valhalla.net [195.26.32.112]) by hub.freebsd.org (Postfix) with ESMTP id 2464737B422 for ; Mon, 23 Apr 2001 14:54:01 -0700 (PDT) (envelope-from mark@tethys.valhalla.net) Received: by tethys.valhalla.net (Postfix, from userid 500) id D48B032E80; Mon, 23 Apr 2001 22:53:59 +0100 (BST) Date: Mon, 23 Apr 2001 22:53:59 +0100 From: Mark Drayton To: Beech Rintoul Subject: Re: Continously getting error 'rpc.statd: invalid hostname to sm_stat: ...' could it be a DOS attack? Message-ID: <20010423225359.A14549@tethys.valhalla.net> Mail-Followup-To: Beech Rintoul References: <200104231831.OAA47437@mail2.wmptl.com> <01042310270701.01587@galaxy.anchoragerescue.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <01042310270701.01587@galaxy.anchoragerescue.org>; from akbeech@anchoragerescue.org on Mon, Apr 23, 2001 at 10:27:07AM -0800 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Beech Rintoul (akbeech@anchoragerescue.org) wrote: > On Monday 23 April 2001 10:31, Nathan Vidican wrote: > > We have been, (for several weeks now), been getting the error > > message (logged to both the console, and /var/log/messages) as > > follows: [snip linux rpc.statd overflow log message] > It' a hack attempt with an old Linux kiddie script. Never affected > FreeBSD, and no longer works on Linux. I wouldn't worry about it, we > get that three or four times a day. You should firewall off access to your NFS daemons and get some kind of intrusion detection system (such as snort) to log the source address of these attacks. NFS daemons should not be accessible from the internet. -- Mark Drayton To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message