A Z (arek_z@yahoo.com)
Wed, 7 Apr 1999 17:49:10 -0700 (PDT)
--- Luca Filipozzi <lucanntp@ise.bc.ca.spamsucks> wrote:
> In article <000801be809c$55daaac0$0401a8c0@derf>,
> todd_meade@paralynx.com
> says...
> > Today I got a message from syslogd on every console that simply gave the
> > time and my host name. I looked in /var/log and the messages file had some
> > messages about:
> >
> > mountd[361]: Blocked attempt of 195.204.242.18 to mount ^P (10 lines of ^P
> > following this).
> >
> > I'm running RedHat 5.1, 2.0.35 on this machine (most patches up to January
> > applied).
Well, it looks like they are trying the old NFS exploit and trying to
mount one of your partitions on their computer. Then they have write
access to it. At least I think that is what they are trying to
accomplish.
I take it you have a network. Do you really need NFS and rpc.mountd
running?
As for the IP address, "whois" is o.k. for registered names, but isn't
that great for finding "joe-blow". I think "nslookup" is far better
IMHO.
-arek
P.S. the 2.0.35 kernel has an IP spoof exploit. Upgrade to at least
2.0.36 or don't have anything in hosts.equiv or have any .rhosts files.
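
An added example, not part of the original post: a Python scan of a syslog messages file for the mountd "Blocked attempt" lines quoted above, grouping them by source address and flagging requests whose path contains control characters or is oversized. The sample lines (timestamps, host name, the 192.0.2.7 address) and the 1024-character threshold are constructed assumptions; only the message format and the first address come from the post.

```python
import re
from collections import defaultdict

# Message format as quoted in the post:
#   mountd[PID]: Blocked attempt of IP to mount PATH
BLOCKED = re.compile(
    r"mountd\[\d+\]: Blocked attempt of (\d{1,3}(?:\.\d{1,3}){3}) to mount (.*)$")
CARET = re.compile(r"\^[@-_?]")  # caret notation, e.g. ^P for byte 0x10
MAX_PATH = 1024                  # assumed threshold for an oversized request


def classify(path):
    """Return the reasons a requested mount path looks malformed."""
    reasons = []
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in path) or CARET.search(path):
        reasons.append("control-chars")
    if len(path) > MAX_PATH:
        reasons.append("oversized")
    if not path.startswith("/"):
        reasons.append("not-absolute")
    return reasons


def summarize(lines):
    """Group blocked mount attempts by source address."""
    report = defaultdict(lambda: {"attempts": 0, "reasons": set()})
    for line in lines:
        m = BLOCKED.search(line.rstrip("\n"))
        if not m:
            continue  # not a mountd refusal
        src, path = m.groups()
        report[src]["attempts"] += 1
        report[src]["reasons"].update(classify(path))
    return dict(report)


# Constructed sample lines (timestamps and host name are made up).
SAMPLE = [
    "Apr  7 14:02:11 myhost mountd[361]: Blocked attempt of 195.204.242.18 to mount ^P^P^P^P",
    "Apr  7 14:02:11 myhost mountd[361]: Blocked attempt of 195.204.242.18 to mount " + "\x10" * 2000,
    "Apr  7 14:05:40 myhost mountd[361]: Blocked attempt of 192.0.2.7 to mount /home",
    "Apr  7 14:06:02 myhost kernel: unrelated line",
]

if __name__ == "__main__":
    for src, info in sorted(summarize(SAMPLE).items()):
        label = "SUSPICIOUS" if info["reasons"] else "denied"
        print(f"{src:15} {info['attempts']:3} {label} {sorted(info['reasons'])}")
```

To run it against a real log, pass the open file instead of SAMPLE, e.g. `summarize(open("/var/log/messages", errors="replace"))`.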
This archive was generated by hypermail 2.0b3 on Wed 07 Apr 1999 - 17:54:27 PDT