On Mon, Apr 09, 2001 at 12:18:50AM +0200, Sander Smeenk (CistroN Medewerker) wrote:
> >
> > > I saw this in my logs today.
> > >
> > > Apr 8 15:08:43 mikado rpc.statd[179]: gethostbyname error for
> > > It looks like statd is still running. Is rpc still vulnerable?
> > > Is there a way to track down who connected to rpc.statd?
Maybe if the rcp.statd is not dedicated to the whole internet you
can use ipchains/iptables to filter the access and logging the
attempt of connection (with the -l flag).
Then with logcheck you will have the report of intrusions.
Regards
a.f.
--
Andrea Fanfani
Era talmente intelligente che, datogli in mano un cubo di Rubik,
riusciva a mangiarlo in 15 secondi netti. (Anonimo)
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
