[aclug-L] Re: Buffer overflow attempt??
> -----Original Message-----
> From: discussion-bounce@xxxxxxxxx [mailto:discussion-bounce@xxxxxxxxx] On Behalf Of james l
> Sent: Wednesday, May 23, 2001 1:03 PM
> To: discussion@xxxxxxxxx
> Subject: [aclug-L] Re: Buffer overflow attempt??
> Root/Great Overall Dictator replies:
> > Now that I think about it, I think I was seeing something like this back in
> > March, before my systems got hacked. I just thought it was bad
> > or chewed up headers or something like that. As a matter of fact, looking
> > through my logs reveals a very similar pattern around the 22nd of April
> > (that's as far back as my logs go).
> > As a tangent to that, I'm seeing quite a few entries in my portsentry logs
> > about attempts to access port 111, which is the sunrpc port, which I think
> > is tied to portmapper. <dumbquestion> What is portmapper, and why would I
> > want it running? </dumbquestion>
> > ja
> rpc (portmapper) is what nfs uses for communication. If you are using nfs,
> you need it, if not you don't. (Theoretically something else could use rpc
> but on redhat I haven't found any need unless I am running nfs)
> James l
After seeing several attempts like that, I've decided to block that port at
the router. I've also blocked samba at the router, and if I see any more
strange log entries I'm going to add them to the list of ports to block. I
don't want to block the ports on the individual hosts as some services are
needed on the local subnet.
Dale W Hodge - dwh@xxxxxxxxxxxxxxxx
Secretary & Website Maintainer - info@xxxxxxxxx
Air Capital Linux User's Group (ACLUG)
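
The triage described in this thread (watch the portsentry log, then block the probed ports at the router while leaving the local subnet alone) can be sketched as below. This is an added example, not code from the original posts; the portsentry syslog line format, the `192.168.1.0/24` local subnet, the `min_sources` threshold and all sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed portsentry syslog format; the thread does not quote any log lines.
ALERT_RE = re.compile(
    r"portsentry\[\d+\]: attackalert: .*?from host: "
    r"(?P<host>[^/\s]+)/(?P<ip>[0-9.]+) to (?P<proto>TCP|UDP) port: (?P<port>\d+)"
)

# Constructed sample lines (documentation address ranges), not from the thread.
SAMPLE_LOG = """\
May 23 09:14:02 gw portsentry[412]: attackalert: Connect from host: 192.0.2.10/192.0.2.10 to TCP port: 111
May 23 09:20:45 gw portsentry[412]: attackalert: Connect from host: 198.51.100.7/198.51.100.7 to TCP port: 111
May 23 10:02:11 gw portsentry[412]: attackalert: Connect from host: 192.168.1.20/192.168.1.20 to TCP port: 139
May 23 11:37:50 gw portsentry[412]: attackalert: SYN/Normal scan from host: 203.0.113.5/203.0.113.5 to TCP port: 139
May 23 11:40:03 gw portsentry[412]: attackalert: Connect from host: 192.0.2.10/192.0.2.10 to UDP port: 111
May 23 12:00:00 gw sshd[500]: Accepted password for dale from 192.168.1.20
"""


def external_probes(log_text, local_net="192.168.1.0/24"):
    """Map (proto, port) -> set of source IPs that lie outside local_net."""
    net = ipaddress.ip_network(local_net)
    probes = defaultdict(set)
    for line in log_text.splitlines():
        m = ALERT_RE.search(line)
        if not m:
            continue  # not a portsentry alert (e.g. the sshd line)
        src = ipaddress.ip_address(m.group("ip"))
        if src in net:
            continue  # local hosts legitimately use these services
        probes[(m.group("proto"), int(m.group("port")))].add(str(src))
    return dict(probes)


def block_candidates(log_text, local_net="192.168.1.0/24", min_sources=2):
    """Ports probed by at least min_sources distinct external hosts."""
    probes = external_probes(log_text, local_net)
    return sorted(k for k, srcs in probes.items() if len(srcs) >= min_sources)


if __name__ == "__main__":
    for proto, port in block_candidates(SAMPLE_LOG):
        print(f"candidate for router block: {proto}/{port}")
```
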