On Sun, 7 Feb 1999, Adam Rogoyski wrote:
> On Sun, 7 Feb 1999, Simon Hill wrote:
>
> > On Sun, 7 Feb 1999, Adam Rogoyski wrote:
> >
> > > On Sun, 7 Feb 1999, Simon Hill wrote:
> > >
> > > > Just happened to check my systems this AM. Both my Linux boxes show NFS
> > > > buffer overflow attempts from 209.161.74.20 (maui.rdi.net), between 9AM
> > > > and 10AM today (Sunday). Check your logs! And your system. Check your
> > > > password file, do a tail on /.bash_history and /root/.bash_history.
> > >
> > > Is there any particular reason why you allow people in Pennsylvania to
> > > nfs mount your drives?
> >
> > Well, apparently you don't know what you're talking about. The NFS buffer
> > overflow exploit does not require that the culprit have permission to
> > mount anything. I run NFS because I need it, and the only hosts with
> > permission to mount anything are on my own subnet.
>
> What I'm saying is why are you letting this go through the firewall in
> the first place. If only people on your subnet need access, that's all
> you should allow through.
Well, unfortunately, most departments at UT don't have control of their
own routers. Or so I am told. It's all handled by the group that runs the
names servers and the mail servers. And apparently they don't do filters.
This from the person in charge of networking on my subnet. I'm told that
that's the case for most departments on campus.
---------------------------------------------------------------------------
Send administrative requests to [EMAIL PROTECTED]
