[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Port 111 Attack

is port 111 just  "a" port or does that port have something to it.
I see alot of port 111 attacks.

t
----- Original Message -----
From: "Sim Ayers" <sim@xxxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Tuesday, January 08, 2002 10:58 AM
Subject: [cobalt-users] Port 111 Attack


> I finally got around to installing PortSentry last week and because of
> PortSentry
> being installed on our RQ4 the Port 111 Attack was caught and taken
careof.
>
> Output from LogCheck and portsentry
>
> Active System Attack Alerts
> =-=-=-=-=-=-=-=-=-=-=-=-=-=
> Jan  7 22:37:53 admin portsentry[24275]: attackalert: Connect from host:
> quantum2.edurus.com/208.131.42.26 to TCP port: 111
> Jan  7 22:37:53 admin portsentry[24275]: attackalert: Host 208.131.42.26
has
> been blocked via wrappers with string: "ALL: 208.131.42.26"
> Jan  7 22:37:53 admin portsentry[24275]: attackalert: Host 208.131.42.26
has
> been blocked via dropped route using command: "/sbin/route add -host
> 208.131.42.26 reject">
>
>
> To anyone on the list who hasn't installed PortSentry
>
> Installing SSH2, IPChains, Portsentry, Logcheck, Tripwire, Chkrootkit,
> Lionfind, Whois, lcap
>
> http://list.cobalt.com/pipermail/cobalt-users/2001-April/042023.html
>
> Some on the install instruction from that page that do not work are only
> because
> of newer versions avaibale. If wget fails then check for a newer version.
>
>
> More info on Port 111 (rpc.statd)
>
> http://www1.dshield.org/ports/port111.html
>
>
> One happy puppy,
> Sim
>
> _______________________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To Subscribe or Unsubscribe, please go to:
> http://list.cobalt.com/mailman/listinfo/cobalt-users
>