
RE: [cobalt-users] Port 111 Attack



> is port 111 just "a" port or does that port have something to it?
> I see a lot of port 111 attacks.
>
> t


The port 111 attack scans for the rpc.statd vulnerability.

Sim


>
> > I finally got around to installing PortSentry last week and because of
> > PortSentry being installed on our RQ4 the Port 111 Attack was caught and
> > taken care of.
> >
> > Output from LogCheck and portsentry
> >
> > Active System Attack Alerts
> > =-=-=-=-=-=-=-=-=-=-=-=-=-=
> > Jan  7 22:37:53 admin portsentry[24275]: attackalert: Connect from host: quantum2.edurus.com/208.131.42.26 to TCP port: 111
> > Jan  7 22:37:53 admin portsentry[24275]: attackalert: Host 208.131.42.26 has been blocked via wrappers with string: "ALL: 208.131.42.26"
> > Jan  7 22:37:53 admin portsentry[24275]: attackalert: Host 208.131.42.26 has been blocked via dropped route using command: "/sbin/route add -host 208.131.42.26 reject"
> >
> >
> > To anyone on the list who hasn't installed PortSentry
> >
> > Installing SSH2, IPChains, Portsentry, Logcheck, Tripwire, Chkrootkit,
> > Lionfind, Whois, lcap
> >
> > http://list.cobalt.com/pipermail/cobalt-users/2001-April/042023.html
> >
> > Some of the install instructions from that page that do not work are only
> > because of newer versions available. If wget fails then check for a newer
> > version.
> >
> >
> > More info on Port 111 (rpc.statd)
> >
> > http://www1.dshield.org/ports/port111.html
> >
> >
> > One happy puppy,
> > Sim
> >
> > _______________________________________________
> > cobalt-users mailing list
> > cobalt-users@xxxxxxxxxxxxxxx
> > To Subscribe or Unsubscribe, please go to:
> > http://list.cobalt.com/mailman/listinfo/cobalt-users
> >
>
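
Added example (not part of the original thread, and not PortSentry or LogCheck code): a small Python summarizer for the `attackalert` lines quoted above. It lists which hosts connected to port 111 and flags any host that raised an alert without a matching block entry. The sample log is constructed, uses documentation addresses, and assumes only the line format shown in the thread; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines, modelled on the PortSentry format quoted in the thread.
SAMPLE_LOG = '''\
Jan  7 22:37:53 admin portsentry[24275]: attackalert: Connect from host: scan.example.net/192.0.2.26 to TCP port: 111
Jan  7 22:37:53 admin portsentry[24275]: attackalert: Host 192.0.2.26 has been blocked via wrappers with string: "ALL: 192.0.2.26"
Jan  7 22:37:53 admin portsentry[24275]: attackalert: Host 192.0.2.26 has been blocked via dropped route using command: "/sbin/route add -host 192.0.2.26 reject"
Jan  8 03:12:09 admin portsentry[24275]: attackalert: Connect from host: 198.51.100.7/198.51.100.7 to TCP port: 111
Jan  8 03:12:40 admin portsentry[24275]: attackalert: Connect from host: 198.51.100.7/198.51.100.7 to TCP port: 143
Jan  8 04:00:00 admin sshd[311]: unrelated line that must be ignored
'''

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
# "Connect from host: <name>/<ip> to <proto> port: <n>" as seen in the quoted alert.
CONNECT = re.compile(r"portsentry\[\d+\]: attackalert: Connect from host: "
                     rf"\S+/(?P<ip>{IP}) to (?P<proto>\w+) port: (?P<port>\d+)")
# "Host <ip> has been blocked via wrappers|dropped route ..." as seen in the quoted alert.
BLOCKED = re.compile(rf"portsentry\[\d+\]: attackalert: Host (?P<ip>{IP}) "
                     r"has been blocked via (?P<how>wrappers|dropped route)")

def summarize(log_text):
    """Return {ip: {"ports": {(proto, port)}, "blocks": {block method}}}."""
    hosts = defaultdict(lambda: {"ports": set(), "blocks": set()})
    for line in log_text.splitlines():
        m = CONNECT.search(line)
        if m:
            hosts[m["ip"]]["ports"].add((m["proto"], int(m["port"])))
            continue
        m = BLOCKED.search(line)
        if m:
            hosts[m["ip"]]["blocks"].add(m["how"])
    return dict(hosts)

def probed(summary, port=111, proto="TCP"):
    """Hosts that connected to the given port (default: port 111 from the thread)."""
    return sorted(ip for ip, h in summary.items() if (proto, port) in h["ports"])

def unblocked(summary):
    """Hosts that triggered an alert but have no recorded block action."""
    return sorted(ip for ip, h in summary.items() if h["ports"] and not h["blocks"])

if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for ip in probed(s):
        print(ip, sorted(s[ip]["ports"]), sorted(s[ip]["blocks"]) or "NOT BLOCKED")
```

A host reported by `unblocked()` is worth checking against `/etc/hosts.deny` and the routing table, since the alert fired but neither block action was logged for it.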