On Sun, 7 Feb 1999, Simon Hill wrote:
> On Sun, 7 Feb 1999, Adam Rogoyski wrote:
>
> > On Sun, 7 Feb 1999, Simon Hill wrote:
> >
> > > Just happened to check my systems this AM. Both my Linux boxes show NFS
> > > buffer overflow attempts from 209.161.74.20 (maui.rdi.net), between 9AM
> > > and 10AM today (Sunday). Check your logs! And your system. Check your
> > > password file, do a tail on /.bash_history and /root/.bash_history.
> >
> > Is there any particular reason why you allow people in Pennsylvania to
> > nfs mount your drives?
>
> Well, apparently you don't know what you're talking about. The NFS buffer
> overflow exploit does not require that the culprit have permission to
> mount anything. I run NFS because I need it, and the only hosts with
> permission to mount anything are on my own subnet.
What I'm saying is why are you letting this go through the firewall in
the first place. If only people on your subnet need access, that's all
you should allow through.
Adam
---------------------------------------------------------------------------
Send administrative requests to [EMAIL PROTECTED]
