[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Active System Attack Query

Subject: Re: [cobalt-users] Active System Attack Query
From: "Jonathan Michaelson" <michaelsonjd@xxxxxxxxxxx>
Date: Tue Mar 13 15:49:19 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

> > So we're basically talking real hacking attempts to use recent exploits
> > found in rpc.statd and rpc.mountd to name but two.
> >
> IIRC, neither of which are standard on the RaQ.

Correct, which is why PortSentry is able to bind to those ports and report
the attempts. This just shows how the attempts are either automated or from
s'kiddies who trawl domains/ip addresses looking for potential
vulnerabilities.

As has been said before, you should see PortSentry as a Wake Up call, not a
solution, and check what else they may have been attempting. Then it's the
long haul to reporting them to their provider and getting someone to respond
positively.

Regards,
Jonathan Michaelson

References:
- RE: [cobalt-users] Active System Attack Query
  - From: Dan Kriwitsky

Prev by Date: RE: [cobalt-users] anonymous ftp setup
Next by Date: RE: [cobalt-users] IP aliasing
Previous by thread: RE: [cobalt-users] Active System Attack Query
Next by thread: [cobalt-users] SSL/Raq4

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index