Not Code Red, was Re: [NCLUG] error message

J. Paul Reed preed at sigkill.com
Tue Aug 7 14:48:13 MDT 2001


On Tue, 7 Aug 2001, Matt Pujol wrote:

> The little "Activity" light on my modem has been on solid for the last
> few days.

Me too, although I ran tcpdump and found the problem seemed to be a ton of
arp packets... I don't know if that's increased from Code Red attacks, some
other attack, or stupid network admins (Yay Charter!!)

Interestingly enough, I got a Code Red II attack from someone in town on my
cable modem segment... was mildly interesting.

> I've gotten an increase in rpc gethostbyname() hacks in the last week or
> so.  About one every 2-4 hours.  I've gotten all the RH6.2 rpc security
> updates (last one was Feb. I think).  I'm wondering if I didn't miss
> something.

Exactly what I run a firewall for... both portmap and rpc servers.

You *can* use /etc/hosts.allow/deny with portmap, though...

Later,
Paul
   ---------------------------------------------------------------------
   J. Paul Reed               preed at sigkill.com || web.sigkill.com/preed
   It's amazing what a little brain damage will do for your credibility.
                                              -- Leonard Shelby, Memento




More information about the NCLUG mailing list