On Mon, Apr 09, 2001 at 12:18:50AM +0200, Sander Smeenk (CistroN Medewerker) wrote: > > > > > I saw this in my logs today. > > > > > > Apr 8 15:08:43 mikado rpc.statd[179]: gethostbyname error for > > > It looks like statd is still running. Is rpc still vulnerable? > > > Is there a way to track down who connected to rpc.statd?
Maybe if the rcp.statd is not dedicated to the whole internet you can use ipchains/iptables to filter the access and logging the attempt of connection (with the -l flag). Then with logcheck you will have the report of intrusions. Regards a.f. -- Andrea Fanfani Era talmente intelligente che, datogli in mano un cubo di Rubik, riusciva a mangiarlo in 15 secondi netti. (Anonimo)
