Re: rpc.statd

2001-04-08 Thread Alexander Hvostov
On Sun, 8 Apr 2001 18:04:54 -0400 "Robert Bartels" [EMAIL PROTECTED] wrote: I saw this in my logs today. Apr 8 15:08:43 mikado rpc.statd[179]: gethostbyname error for ^X^X^Y^Y^Z^Z^[^[%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%1

Re: rpc.statd

2001-04-08 Thread Daniel Jacobowitz
On Sun, Apr 08, 2001 at 06:04:54PM -0400, Robert Bartels wrote: I saw this in my logs today. Apr 8 15:08:43 mikado rpc.statd[179]: gethostbyname error for ^X^X^Y^Y^Z^Z^[^[%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%1 37x%n%10x%n%192x%n\220\220\220\220\220\220\220\220\220\220\220\220\220\220\2

Re: rpc.statd

2001-04-08 Thread andrea
On Mon, Apr 09, 2001 at 12:18:50AM +0200, Sander Smeenk (CistroN Medewerker) wrote: I saw this in my logs today. Apr 8 15:08:43 mikado rpc.statd[179]: gethostbyname error for It looks like statd is still running. Is rpc still vulnerable? Is there a way to track down who

Re: rpc.statd

2001-04-08 Thread Ethan Benson
On Mon, Apr 09, 2001 at 12:23:06AM +0200, [EMAIL PROTECTED] wrote: On Mon, Apr 09, 2001 at 12:18:50AM +0200, Sander Smeenk (CistroN Medewerker) wrote: I saw this in my logs today. Apr 8 15:08:43 mikado rpc.statd[179]: gethostbyname error for It looks like statd is still

Dropping untracked packet

2001-04-08 Thread Robert Magier
Hello, I noticed these strange things in my /var/log/syslog. Would you tell me what they mean? I have seen this since I installed the 2.4.0 kernel and iptables. Unusual System Events =-=-=-=-=-=-=-=-=-=-= Apr 9 01:00:30 dino kernel: NET: 16 messages suppressed. Apr 9 00:03:20 dino

Re: rpc.statd

2001-04-08 Thread Simon Murcott
Quoting Daniel Jacobowitz [EMAIL PROTECTED]: way to track down who connected to rpc.statd? Run a tcp logger, like ippl. Even better and more efficient would be to create an ipchains rule that accepts this data and logs it. That way you are focusing on logging just the data you are

Re: sshd port config and security

2001-04-08 Thread japc
On Fri, Apr 06, 2001 at 11:52:29PM -0500, Vinh Truong wrote: * Jean-Marc Boursot [EMAIL PROTECTED] [010406 21:09]: They allow telnet and not ssh? Nice! yeah, afraid of the port-forwarding capabilities in ssh. i can see their point but i'm just as leery of clear-text transmission. oh,

Re: sshd port config and security

2001-04-08 Thread japc
On Sat, Apr 07, 2001 at 10:01:43AM -0500, Kenneth Pronovici wrote: Yep. Ssh does. But telnet doesn't. And it *does* look a bit suspicious if your firewall administrator tries to encourage telnet and block ssh... Personally, I think this is more a case of the administrator just wanting to

Re: Dropping untracked packet

2001-04-08 Thread Jim Breton
On Mon, Apr 09, 2001 at 01:42:25AM +0200, Robert Magier wrote: I have seen this since I installed 2.4.0 kernel and iptables. http://netfilter.samba.org/netfilter-faq-3.html#ss3.1

port 111.

2001-04-08 Thread Tim Uckun
I recently installed portsentry by psionic on my system. It seems like people are trying to scan port 111 pretty often. /etc/services says that this is the sunrpc port. Anytime portsentry detects a scan it adds an ipchains rule to block all traffic from that host. What I am wondering is if there

Re: sshd port config and security

2001-04-08 Thread Peter Cordes
On Mon, Apr 09, 2001 at 02:19:31AM +0100, [EMAIL PROTECTED] wrote: On Fri, Apr 06, 2001 at 11:52:29PM -0500, Vinh Truong wrote: * Jean-Marc Boursot [EMAIL PROTECTED] [010406 21:09]: They allow telnet and not ssh? Nice! yeah, afraid of the port-forwarding capabilities in ssh. i can see

Re: port 111.

2001-04-08 Thread Peter Cordes
On Sun, Apr 08, 2001 at 11:22:42PM -0700, Tim Uckun wrote: I recently installed portsentry by psionic on my system. It seems like people are trying to scan port 111 pretty often. /etc/services says that this is the sunrpc port. Anytime portsentry detects a scan it adds an ipchains rule to

Re: port 111.

2001-04-08 Thread Tim Uckun
Unless you're providing public NFS service, or some other RPC thing, then no, there's no good reason whatsoever. Good I won't be worried about blackholing them then. How about 113? I had to exempt that port because when I tried to get a CPAN module onion.valueclick.net tried to do

rpc.statd

2001-04-08 Thread Robert Bartels
I saw this in my logs today. Apr 8 15:08:43 mikado rpc.statd[179]: gethostbyname error for ^X÷ÿ¿^X÷ÿ¿^Y÷ÿ¿^Y÷ÿ¿^Z÷ÿ¿^Z÷ÿ¿^[÷ÿ¿^[÷ÿ¿%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%1 37x%n%10x%n%192x%n\220\220\220\220\220\220\220\220\220\220\220\220\220\220\2

Re: rpc.statd

2001-04-08 Thread Alexander Hvostov
On Sun, 8 Apr 2001 18:04:54 -0400 Robert Bartels [EMAIL PROTECTED] wrote: I saw this in my logs today. Apr 8 15:08:43 mikado rpc.statd[179]: gethostbyname error for ^X÷ÿ¿^X÷ÿ¿^Y÷ÿ¿^Y÷ÿ¿^Z÷ÿ¿^Z÷ÿ¿^[÷ÿ¿^[÷ÿ¿%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%1

Re: rpc.statd

2001-04-08 Thread Daniel Jacobowitz
On Sun, Apr 08, 2001 at 06:04:54PM -0400, Robert Bartels wrote: I saw this in my logs today. Apr 8 15:08:43 mikado rpc.statd[179]: gethostbyname error for ^X÷ÿ¿^X÷ÿ¿^Y÷ÿ¿^Y÷ÿ¿^Z÷ÿ¿^Z÷ÿ¿^[÷ÿ¿^[÷ÿ¿%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%1

Re: rpc.statd

2001-04-08 Thread Sander Smeenk (CistroN Medewerker)
Quoting Alexander Hvostov ([EMAIL PROTECTED]): On Sun, 8 Apr 2001 18:04:54 -0400 Robert Bartels [EMAIL PROTECTED] wrote: I saw this in my logs today. Apr 8 15:08:43 mikado rpc.statd[179]: gethostbyname error for It looks like statd is still running. Is rpc still vulnerable? Is

Re: rpc.statd

2001-04-08 Thread Ethan Benson
On Mon, Apr 09, 2001 at 12:47:31PM +1200, Simon Murcott wrote: Quoting Daniel Jacobowitz [EMAIL PROTECTED]: way to track down who connected to rpc.statd? Run a tcp logger, like ippl. Even better and more efficient would be to create an ipchains rule that accepts this data and