SLUG Mailing List Archives
Re: [SLUG] Help I got hacked!!
- To: slug@xxxxxxxxxxx
- Subject: Re: [SLUG] Help I got hacked!!
- From: Jeff Waugh <jdub@xxxxxxxxxxx>
- Date: Wed Jul 4 20:33:02 2001
- User-agent: Mutt/1.3.18i
> The IP addresses don't seem to mean much other than one of them is mine
> ! (dial up so it varies each time)
whois <ip address>
> The same thing happened on RH6.2 just before I got attacked (though this
> could be just coincidence) but I beleive the vulnerability exploited in
> my case was via rpc.statd (they loaded 'luckroot' onto my system plus a
> rootkit. Unfortunately NFS uses rpc.statd for its locking (?) schemes
> so I can't just ditch it.
Ditch NFS on your "firewall"! There is no reason to have it on there; if you
require NFS for a fileserver, put it behind the firewall.
You could also set up ipchains/iptables to block it, but you should really
just pull NFS enitrely. Don't run anything on the machine that isn't
required, and if it's a known security problem already (which rpc and
portmap most definitely are), get it off the box. :)
"World domination is a community responsibility." - Michael Hall,