Not Code Red, was Re: [NCLUG] error message
J. Paul Reed
preed at sigkill.com
Tue Aug 7 14:48:13 MDT 2001
On Tue, 7 Aug 2001, Matt Pujol wrote:

> The little "Activity" light on my modem has been on solid for the last
> few days.

Me too, although I ran tcpdump and found the problem seemed to be a ton of
arp packets... I don't know if that's increased from Code Red attacks, some
other attack, or stupid network admins (Yay Charter!!)

Interestingly enough, I got a Code Red II attack from someone in town on my
cable modem segment... was mildly interesting.

> I've gotten an increase in rpc gethostbyname() hacks in the last week or
> so. About one every 2-4 hours. I've gotten all the RH6.2 rpc security
> updates (last one was Feb. I think). I'm wondering if I didn't miss
> something.

Exactly what I run a firewall for... both portmap and rpc servers.

You *can* use /etc/hosts.allow/deny with portmap, though...

Later,
Paul
---------------------------------------------------------------------
J. Paul Reed preed at sigkill.com || web.sigkill.com/preed
It's amazing what a little brain damage will do for your credibility.
-- Leonard Shelby, Memento
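
Added example, not part of the original message: a small evaluator for the /etc/hosts.allow and /etc/hosts.deny approach mentioned above, to check which clients a rule set lets reach portmap. The file contents and addresses are constructed; it handles IPv4 only and a numeric subset of hosts_access(5) (no EXCEPT), and it flags name-based patterns because the tcp_wrappers-enabled portmap does no hostname lookups, so only numeric patterns match.

```python
import ipaddress

# Constructed sample rule files (assumed LAN 192.168.1.0/24), default deny.
HOSTS_ALLOW = "# /etc/hosts.allow\nportmap: 127.0.0.1 192.168.1.0/255.255.255.0\n"
HOSTS_DENY = "# /etc/hosts.deny\nportmap: ALL\n"

def rules(text, daemon="portmap"):
    """Yield the client-pattern list of each rule that names `daemon` or ALL."""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":", 2)[:2]  # third field is an optional command
        if {"ALL", daemon} & set(daemons.replace(",", " ").split()):
            yield clients.replace(",", " ").split()

def matches(pattern, ip):
    """ALL, exact address, 'n.n.n.' prefix, or net/mask; names never match."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):
        return str(ip).startswith(pattern)
    if "/" in pattern:
        try:
            return ip in ipaddress.ip_network(pattern, strict=False)
        except ValueError:
            return False
    return pattern == str(ip)

def portmap_allowed(client, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts_access order: allow file first, then deny file, else grant."""
    ip = ipaddress.ip_address(client)
    if any(matches(p, ip) for r in rules(allow) for p in r):
        return True
    if any(matches(p, ip) for r in rules(deny) for p in r):
        return False
    return True  # no rule matched in either file

def name_patterns(text):
    """Patterns that need a name lookup and so will never match for portmap."""
    return [p for r in rules(text) for p in r
            if p != "ALL" and any(c.isalpha() for c in p)]

if __name__ == "__main__":
    for addr in ("127.0.0.1", "192.168.1.20", "203.0.113.7"):
        print(addr, "allowed" if portmap_allowed(addr) else "denied")
```

Note the last branch of portmap_allowed: with an empty or missing hosts.deny, every client that matches nothing is granted, so the "portmap: ALL" deny line is what makes the allow list effective.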