Date: Wed, 20 Sep 2000 10:35:59 -0400
From: Peter Radcliffe <pir@pir.net>
To: stable@freebsd.org
Subject: Re: Odd log entries...an attempted breakin?
Message-ID: <20000920103558.A7164@pir.net>
In-Reply-To: <39C8C50C.CA929D8C@glue.umd.edu>; from bfoz@glue.umd.edu on Wed, Sep 20, 2000 at 10:09:16AM -0400
References: <39C8C50C.CA929D8C@glue.umd.edu>

Brandon Fosdick <bfoz@glue.umd.edu> probably said:
> For the last week or so I've been seeing the following entries in
> /var/log/messages:
> 128.8.38.27 is the address of my machine and I disabled ftpd on the
> 15th. So far I've just been watching to see what happens since this
> machine doesn't have anything important on it, but last night I started
> seeing the same kinds of entries on another machine here, both of which
> are 4.1-S. Are these normal log entries or is someone playing with my
> systems? What do I do about it?

The statd lines are certainly signs of an attack.

Personally, I don't like having a machine on generally available IPs
with nfsd/statd/rpcbind/etc reachable. I'd suggest ipfilter or ipfw
filtering them ...

P.

--
pir                  pir@pir.net                    pir@net.tufts.edu

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message