On Wed, 11 Apr 2001, Derek Martin wrote:
> On Wed, Apr 11, 2001 at 07:12:46PM -0400, Tom Rauschenbach wrote:
> 
> 
> > OK upgrading pppd made my 2.4 kernel work.  But my logs are reporting a
> > boatload of attacks on port 111 from an "unknown host".  I know that others
> > have seen this.  Does anyone remember the fix?
> 
> Yeah, disconnect your machine from the network... :)  [o.k. o.k. I'm
> being wise... but that will "fix" it so they can't attack you!]



Not an option, not a fix.  The "attack" is coming from within my network.
All I have is two PCs and a hub and a dial up connection.  The client machine
reports the attacks even with the phone on hook.  Maybe I need a new version of
portsentry to go with my new pppd.

>
> These attacks are people scanning for vulnerabilities in RPC services
> (most likely they're looking for statd right now), so if you disable
> them, you should be fine.  You'll want to make sure you're not running
> NFS, NIS, and portmap.  If you NEED to do this for some reason, then
> you need to do all of these things:
> 
>   * make sure you've got the latest and greatest updates.
>   * use ipchains/iptables (or similar) to block the relevant ports 
>   * re-think seriously about whether or not you REALLY need this
> 
Yes, I need to get serious about either IPchains or this new thing that replaces
IPchains at kernel 2.4.  I have the luxury of having all this stuff just to
play with.  All I'm doing is learning.


> The general consensus is that RPC services running on an
> Internet-connected host is a Bad Thing(TM).  Avoid it like the Plague.
> This also applies generally to any service that you do not absolutely
> need.  If you don't run it, they can't attack it.

But if I don't run it I can't learn how to harden and defend it.  
> 
> 
> -- 
>   "I have written this book partly to correct a mistake... A colleague of
> mine once told me that the world was full of bad security systems
> designed by people who read Applied Cryptography.
>   "Since writing the book, I have made a living as a cryptography
> consultant: designing and analyzing security systems. To my initial
> surprise, I found that the weak points had nothing to do with the
> mathematics.  They were in the hardware, the software, the networks,
> and the people.  Beautiful pieces of mathematics were made irrelevant
> through bad programming, a lousy operating system, or someone's bad
> password choice.  I learned to look beyond the cryptography, at the
> entire system, to find weaknesses.  I started repeating a couple of
> sentiments you'll find throughout this book: 'Security is a chain;
> it's only as secure as the weakest link.' 'Security is a process, not
> a product.'"
> 
> --Bruce Schneier, from "Secrets & Lies"
> ---------------------------------------------------
> Derek Martin          |   Unix/Linux geek
> [EMAIL PROTECTED]    |   GnuPG Key ID: 0x81CFE75D
> Retrieve my public key at http://pgp.mit.edu
-- 
---
Tom Rauschenbach    [EMAIL PROTECTED]
All your base are belong to us
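
Added example, not part of either poster's message: a small Python triage of port-111 alerts that separates LAN sources from external ones, relevant to the thread because a filter placed only on the dial-up interface does not touch traffic arriving from the hub. The log layout, host names and addresses are constructed assumptions modelled on portsentry-style "attackalert" entries.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines; the layout is an assumption, not taken from the thread.
SAMPLE_LOG = """\
Apr 11 19:02:11 client portsentry[412]: attackalert: Connect from host: 192.168.1.1/192.168.1.1 to TCP port: 111
Apr 11 19:02:14 client portsentry[412]: attackalert: Connect from host: 192.168.1.1/192.168.1.1 to UDP port: 111
Apr 11 19:05:40 client portsentry[412]: attackalert: Connect from host: 203.0.113.7/203.0.113.7 to TCP port: 111
Apr 11 19:06:02 client sshd[388]: Accepted password for tom from 192.168.1.1 port 1022
"""

ALERT = re.compile(
    r"attackalert: .*? from host: \S+?/(?P<ip>[0-9.]+) "
    r"to (?P<proto>TCP|UDP) port: (?P<port>\d+)"
)

# RFC 1918 ranges plus loopback. Listed explicitly because
# ipaddress.is_private also covers documentation and reserved ranges.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def origin(ip):
    """Return 'lan' if ip falls in a local range, else 'external'."""
    addr = ipaddress.ip_address(ip)
    return "lan" if any(addr in net for net in LAN_NETS) else "external"

def summarize(log_text, port=111):
    """Count alerts for `port`, keyed by (origin, source IP, protocol)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = ALERT.search(line)
        if not m or int(m.group("port")) != port:
            continue
        try:
            where = origin(m.group("ip"))
        except ValueError:  # malformed address in the log line
            where = "unparsed"
        counts[(where, m.group("ip"), m.group("proto"))] += 1
    return counts

if __name__ == "__main__":
    for (where, ip, proto), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{where:9} {ip:15} {proto} x{n}")
```

Alerts tagged `lan` point at the other machine on the hub and call for checking what that host is sending; alerts tagged `external` are the ones the port-blocking advice quoted above addresses.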
