From owner-freebsd-stable Fri Jul 20 9:28:11 2001 Delivered-To: freebsd-stable@freebsd.org Received: from snafu.adept.org (snafu.adept.org [63.201.63.44]) by hub.freebsd.org (Postfix) with ESMTP id 2EEC937B403 for ; Fri, 20 Jul 2001 09:28:09 -0700 (PDT) (envelope-from mike@adept.org) Received: by snafu.adept.org (Postfix, from userid 1000) id 098B49EE06; Fri, 20 Jul 2001 09:27:11 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by snafu.adept.org (Postfix) with ESMTP id 0782A9B00C; Fri, 20 Jul 2001 09:27:11 -0700 (PDT) Date: Fri, 20 Jul 2001 09:27:10 -0700 (PDT) From: Mike Hoskins To: admin@kremilek.gyrec.cz Cc: freebsd-stable@FreeBSD.org Subject: Re: probably remote exploit In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Fri, 20 Jul 2001 admin@kremilek.gyrec.cz wrote: > Probably just warning. I personally couldn't believe it, but on > the last list of my 4.2-RELEASE appeared that host sh2.1-sh.com was logged > as user Jim. The one bad thing I did, that firewall wasnt working and > there is NFS available ... If you allow anyone to play with RPC, you'll be hacked. Appropriate configuration of your firewall and/or /etc/hosts.allow in the absense of packet filtering will close this hole. Later, -Mike -- 2^n eyes are better than 2. Join the logwatchers community today. http://www.adept.org/mailinglists.html#logwatchers To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message