[cobalt-users] Port 111 Attack
- Subject: [cobalt-users] Port 111 Attack
- From: "Sim Ayers" <sim@xxxxxxxxxxxx>
- Date: Tue Jan 8 08:26:19 2002
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
I finally got around to installing PortSentry last week, and because of
PortSentry being installed on our RQ4 the Port 111 Attack was caught and
taken care of.
Output from LogCheck and portsentry
Active System Attack Alerts
=-=-=-=-=-=-=-=-=-=-=-=-=-=
Jan 7 22:37:53 admin portsentry[24275]: attackalert: Connect from host: quantum2.edurus.com/208.131.42.26 to TCP port: 111
Jan 7 22:37:53 admin portsentry[24275]: attackalert: Host 208.131.42.26 has been blocked via wrappers with string: "ALL: 208.131.42.26"
Jan 7 22:37:53 admin portsentry[24275]: attackalert: Host 208.131.42.26 has been blocked via dropped route using command: "/sbin/route add -host 208.131.42.26 reject"
To anyone on the list who hasn't installed PortSentry:
Installing SSH2, IPChains, Portsentry, Logcheck, Tripwire, Chkrootkit, Lionfind, Whois, lcap
http://list.cobalt.com/pipermail/cobalt-users/2001-April/042023.html
Some of the install instructions from that page that do not work are only
because of newer versions available. If wget fails then check for a newer
version.
More info on Port 111 (rpc.statd)
http://www1.dshield.org/ports/port111.html
One happy puppy,
Sim
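
An added example (not part of Sim's message and not PortSentry code): a short Python check over alerts in the format quoted above, pairing each connect alert with the block actions logged for the same address and listing hosts that did not get both. The last sample line, its 192.0.2.7 address and the function names are constructed for illustration; expecting both block methods is an assumption taken from the output in the post.

```python
import re
from collections import defaultdict

# Sample input: the first three records follow the alerts quoted in the post;
# the fourth (192.0.2.7, a documentation address) is constructed to show a
# host that was seen but never blocked.
SAMPLE = '''\
Jan 7 22:37:53 admin portsentry[24275]: attackalert: Connect from host: quantum2.edurus.com/208.131.42.26 to TCP port: 111
Jan 7 22:37:53 admin portsentry[24275]: attackalert: Host 208.131.42.26 has been blocked via wrappers with string: "ALL: 208.131.42.26"
Jan 7 22:37:53 admin portsentry[24275]: attackalert: Host 208.131.42.26 has been blocked via dropped route using command: "/sbin/route add -host 208.131.42.26 reject"
Jan 7 23:02:10 admin portsentry[24275]: attackalert: Connect from host: 192.0.2.7/192.0.2.7 to TCP port: 111
'''

IP = r'(\d+\.\d+\.\d+\.\d+)'
CONNECT = re.compile(r'attackalert: Connect from host: (\S+)/' + IP +
                     r' to (TCP|UDP) port: (\d+)')
BLOCK = re.compile(r'attackalert: Host ' + IP +
                   r' has been blocked via (wrappers|dropped route)')

def summarize(log_text):
    """Group alerts by source address: reverse name, ports hit, blocks applied."""
    hosts = defaultdict(lambda: {"name": None, "ports": set(), "blocks": set()})
    for line in log_text.splitlines():
        m = CONNECT.search(line)
        if m:
            name, ip, proto, port = m.groups()
            hosts[ip]["name"] = name
            hosts[ip]["ports"].add((proto, int(port)))
            continue
        m = BLOCK.search(line)
        if m:
            hosts[m.group(1)]["blocks"].add(m.group(2))
    return dict(hosts)

def missing_blocks(hosts, expected=("wrappers", "dropped route")):
    """Return {ip: [block methods not logged]} for hosts that connected.
    Assumption: both methods are enabled, as in the quoted output."""
    return {ip: sorted(set(expected) - h["blocks"])
            for ip, h in hosts.items()
            if h["ports"] and set(expected) - h["blocks"]}

if __name__ == "__main__":
    hosts = summarize(SAMPLE)
    for ip, h in hosts.items():
        print(ip, h["name"], sorted(h["ports"]), sorted(h["blocks"]))
    print("not fully blocked:", missing_blocks(hosts))
```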