I've had a compromise from this before, they try to overflow the rpc.statd
buffer and gain root access. This is if you have a NFS computer connected
to the internet, it's on CERT's site. RH 6.0 had this problem which could
fixed by upgrading package nfs-utils which depends on a higher kernel
version, which requires RPM ver. 3, which can only be installed with RPM
ver. 3. <G>
On Thu, 28 Dec 2000, Burke, Thomas G. wrote:
> Hey all,
>
> The subject says it all, I have had a shitload of attempts on port
> 111 (sunrpc) lately... Is there some new bug on the r* stuff, or is it just
> that all the script kiddies are out on vacation? Anybody else notice this,
> or is it just me?
>
> As an aside, I've added an (L)user link on my web site's main page
> (right below the firewall) that lists all the machines blocked from my
> machine (check out http://tomii.erols.com/lusers.txt)... Has anyone else
> ever done this? I ask as I'm sure there's a better way to do it than the
> way I did (I'm no scripter)...
>
> PS: Hey (L)user! You see my web page on here & you attack me...
> You dumbass! Since most of the posts are about ipchains, & I'm sending
> people to the link that has my firewall on it, you'd think you could at
> least go look at that firewall script before you try to run some stoopid
> unmodified script against the machine! At least then, you'd know what ports
> I was logging & you might not get cut off from your ISP (happened to 3
> people this week, I understand).... Man, I guess I'm feeling antagonistic
> today, I guess ;)....
>
>
>
> _______________________________________________
> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list
>
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
