- To: slug@xxxxxxxxxxx
- Subject: Re: [SLUG] Help I got hacked!!
- From: Jeff Waugh <jdub@xxxxxxxxxxx>
- Date: Wed Jul 4 20:33:02 2001
- User-agent: Mutt/1.3.18i
<quote who="andy">

> The IP addresses don't seem to mean much other than one of them is mine!
> (dial up so it varies each time)

whois <ip address>

> The same thing happened on RH6.2 just before I got attacked (though this
> could be just coincidence) but I believe the vulnerability exploited in
> my case was via rpc.statd (they loaded 'luckroot' onto my system plus a
> rootkit). Unfortunately NFS uses rpc.statd for its locking (?) schemes
> so I can't just ditch it.

Ditch NFS on your "firewall"! There is no reason to have it on there; if you
require NFS for a fileserver, put it behind the firewall.

You could also set up ipchains/iptables to block it, but you should really
just pull NFS entirely. Don't run anything on the machine that isn't
required, and if it's a known security problem already (which rpc and
portmap most definitely are), get it off the box. :)

- Jeff
--
"World domination is a community responsibility." - Michael Hall,
LinuxPlanet
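
An added example, not part of the original message: one way to check a firewall host for the RPC services discussed above is to parse the output of `rpcinfo -p` and flag registrations for portmap, NFS and rpc.statd. The sample output is constructed, and the function names and the `--live` switch are assumptions of this sketch.

```python
"""Flag RPC services registered with portmap that do not belong on a firewall."""
import subprocess
import sys

# Well-known ONC RPC program numbers for the services named in the thread.
UNWANTED = {
    100000: "portmapper",
    100003: "nfs",
    100005: "mountd",
    100021: "nlockmgr",
    100024: "status (rpc.statd)",
}

# Constructed sample of `rpcinfo -p` output (not taken from a real host).
SAMPLE = """\
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  32768  status
    100024    1   tcp  32768  status
    100003    2   udp   2049  nfs
    100021    1   udp  32769  nlockmgr
    391002    2   tcp  32770  sgi_fam
"""

def parse_rpcinfo(text):
    """Return (program, version, proto, port) tuples, skipping header/garbage lines."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        prog, vers, proto, port = fields[:4]
        if prog.isdigit() and vers.isdigit() and port.isdigit():
            entries.append((int(prog), int(vers), proto, int(port)))
    return entries

def findings(text):
    """Return sorted, de-duplicated (service, proto, port) for unwanted programs."""
    return sorted({(UNWANTED[p], proto, port)
                   for p, _vers, proto, port in parse_rpcinfo(text) if p in UNWANTED})

if __name__ == "__main__":
    live = len(sys.argv) > 1 and sys.argv[1] == "--live"
    text = (subprocess.run(["rpcinfo", "-p"], capture_output=True, text=True).stdout
            if live else SAMPLE)
    for name, proto, port in findings(text):
        print(f"remove or block: {name} on {proto}/{port}")
```

An empty result on the firewall is the goal; anything listed is a service to remove, or at minimum to block with ipchains/iptables as the message suggests.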