certainly does smell like some shell code (although some of the other characters look like an Asian character set being misinterpreted). Best bet is to set up some IPChains/Tables rules with a Default-Deny stance and then allow in from the outside only the very minimal required based on your security policy. I've got a few machines which require the rpc stuff (along with some other unsafe protocols). I disallow external connections (incoming *and* outgoing - with logging) while allowing the internal soft chewy center machines to communicate freely.
At 03:30 AM 5/24/2001 -0300, Peter Cordes wrote:
On Wed, May 23, 2001 at 10:58:43PM -0700, Wade Richards wrote:
> Yep, it's a security problem. Someone is trying to hack into your system
> using one of many known security bugs in the rpc daemon.
>
> If you don't need the rpc stuff running, then just disable it (better yet,
> uninstall it). If you really do need it running, but it's only used
> locally, then I suggest you use ipchains to drop any packets targeted to
> port 111. But best is to simply remove it entirely.

That only blocks portmap. Other UDP services can be found with a UDP port scan by e.g. nmap.

--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca)

"The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so wretchedly into small pieces!" -- Plautus, 200 BCE
--
Eric N. Valor
Webmeister/Inetservices
Lutris Technologies
[EMAIL PROTECTED]
- This Space Intentionally Left Blank -
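
The default-deny stance discussed in this thread, as an added example that is not part of any poster's message: a shell function that prints an iptables-restore ruleset which drops and logs portmapper traffic on the external interface in both directions, lets the internal network through, and leaves every other inbound port (including RPC services on other UDP ports) to a logged default drop. The interface name `eth0`, the subnet `192.168.1.0/24`, the inbound SSH allowance and the log prefixes are assumptions standing in for a local security policy.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset with a default-deny
# inbound stance. Interface, subnet and the SSH allowance are assumptions.

emit_rules() {
    [ $# -eq 2 ] || { echo "usage: emit_rules EXT_IF INT_NET" >&2; return 2; }
    ext_if=$1     # outside-facing interface (assumed name)
    int_net=$2    # trusted internal network, CIDR (assumed)

    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i $ext_if -s $int_net -j ACCEPT
EOF
    # Portmapper (111/tcp and 111/udp) crossing the external interface is
    # logged and dropped in both directions.
    for proto in tcp udp; do
        cat <<EOF
-A INPUT -i $ext_if -p $proto --dport 111 -j LOG --log-prefix "rpc-in-denied: "
-A INPUT -i $ext_if -p $proto --dport 111 -j DROP
-A OUTPUT -o $ext_if -p $proto --dport 111 -j LOG --log-prefix "rpc-out-denied: "
-A OUTPUT -o $ext_if -p $proto --dport 111 -j DROP
EOF
    done
    # Replies to connections this host opened, plus the one inbound service
    # the (assumed) policy permits. Everything else from outside, including
    # RPC services on other UDP ports, is logged and falls to the DROP policy.
    cat <<EOF
-A INPUT -i $ext_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $ext_if -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -i $ext_if -j LOG --log-prefix "default-deny: "
COMMIT
EOF
}

# Prints the rules only; nothing is loaded into the kernel here.
emit_rules "${EXT_IF:-eth0}" "${INT_NET:-192.168.1.0/24}"
```

The output can be checked with `iptables-restore --test` before it is loaded.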