[aclug-L] Re: Buffer overflow attempt??

To: <discussion@xxxxxxxxx>
Subject: [aclug-L] Re: Buffer overflow attempt??
From: "Dale W Hodge" <dwh@xxxxxxxxxxxxxxxx>
Date: Wed, 23 May 2001 17:02:44 -0500
Reply-to: discussion@xxxxxxxxx



> -----Original Message-----
> From: discussion-bounce@xxxxxxxxx [mailto:discussion-bounce@xxxxxxxxx]On
> Behalf Of james l
> Sent: Wednesday, May 23, 2001 1:03 PM
> To: discussion@xxxxxxxxx
> Subject: [aclug-L] Re: Buffer overflow attempt??
>
>
>
> Root/Great Overall Dictator replies:
> > Now that I think about it, I think I was seeing something like this back in
> > March, before my systems got hacked. I just thought it was bad information,
> > or chewed up headers or something like that. As a matter of fact, looking
> > through my logs reveals a very similar pattern around the 22nd of April
> > (that's as far back as my logs go).
> > As a tangent to that, I'm seeing quite a few entries in my portsentry logs
> > about attempts to access port 111, which is the sunrpc port, which I think
> > is tied to portmapper. <dumbquestion> What is portmapper, and why would I
> > want it running? </dumbquestion>
> >
> > ja
>
> rpc (portmapper) is what nfs uses for communication. If you are using nfs,
> you need it, if not you don't. (Theoretically something else could use rpc
> but on redhat I haven't found any need unless I am running nfs)
>
> James l

After seeing several attempts like that, I've decided to block that port at
the router. I've also blocked samba at the router, and if I see any more
strange log entries I'm going to add them to the list of ports to block. I
don't want to block the ports on the individual hosts as some services are
needed on the local subnet.

--dwh

---
Dale W Hodge - dwh@xxxxxxxxxxxxxxxx
Secretary & Website Maintainer - info@xxxxxxxxx
Air Capital Linux User's Group  (ACLUG)
---

