Date: Mon, 25 May 1998 15:33:01 -0500 From: Paul Saab <paul@mu.org> To: Mike Smith <mike@smith.net.au> Cc: freebsd-security@FreeBSD.ORG Subject: Re: possible problem with portmap Message-ID: <19980525153301.A20100@mu.org> In-Reply-To: <199805251910.MAA13972@antipodes.cdrom.com>; from Mike Smith on Mon, May 25, 1998 at 12:10:21PM -0700 References: <19980525123417.A19300@mu.org> <199805251910.MAA13972@antipodes.cdrom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
OK.. I disabled sunrpc (port 111) at the router. Is the worst thing that could have happened to me be just a DoS of portmap-related stuff? Ie: he could not have gotten root? Thanks, Paul Mike Smith (mike@smith.net.au) wrote: > > Today I logged into our server and noticed someone sitting on port > > 111. Are there any known problems with portmap? > > Yes. > > > this is what I got from netstat.. > > tcp 0 0 tranq1.sunrpc dialup239-1-15.s.2988 ESTABLISHED > > tcp 0 0 tranq1.sunrpc dialup239-1-15.s.2987 ESTABLISHED > > Find out who the dialup user is; they're engaged in a portmap-related > DoS attack on you. > > There were changes committed a few days back to address this - it was > also discussed on BugTraq (with a not inconsiderable degree of hysteria > it seems). > > -- > \\ Sometimes you're ahead, \\ Mike Smith > \\ sometimes you're behind. \\ mike@smith.net.au > \\ The race is long, and in the \\ msmith@freebsd.org > \\ end it's only with yourself. \\ msmith@cdrom.com > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19980525153301.A20100>