[lug] route add -host attacks
Warren Sanders
sanders at MontanaLinux.Org
Thu Nov 15 11:19:26 MST 2001
Another friend had suggested commenting out the KILL_ROUTE="/sbin/route features
in portsentry. I have done this and restarted portsentry... now I sit and wait.
The attacks only occurred about 1-2 times an hour so it's not like I'm getting
DOSed.
James (below) is correct for what he suggests and I do not have this port open;
although I did find my NFS (services) was open partially. NFS mount, NFS daemon,
NFS quotas, and portmap were down.
So far I have not had any more route adds, but it's only been a couple hours.
On Thu, 15 Nov 2001, Harris, James wrote:
> Date: Thu, 15 Nov 2001 10:04:29 -0700
> From: "Harris, James" <James_Harris at maxtor.com>
> Reply-To: lug at lug.boulder.co.us
> To: "'lug at lug.boulder.co.us'" <lug at lug.boulder.co.us>
> Subject: RE: [lug] route add -host attacks
>
> May I stray from the original intent of this post and make a recommendation:
> disable sunrpc if you don't need it. It has a history of known exploits and
> it's definitely at the top of hackers' and script kiddies' lists to try.
>
> NFS is the only service that _I_ know of that requires it (but I'm _sure_
> there are others.) If you're not using NFS, try disabling it completely and
> see if it has any effect on your system.
>
> My two cents...
>
> -----Original Message-----
> From: D. Stimits [mailto:stimits at idcomm.com]
> Sent: Wednesday, November 14, 2001 21:55
> To: lug at lug.boulder.co.us
> Subject: Re: [lug] route add -host attacks
>
>
>
--
Warren Sanders
http://MontanaLinux.Org