On Sun, 29 Oct 2000, Brian wrote:
>
> When someone attempts the rpc.statd exploit to a Redhat 6.2 box, are their
> no places their IP address gets logged? I see the attempts in
> /var/log/messages, but nothing in any other files aligning to an ip
> address.
>
> Brian
>
It depends on your firewall setup and your syslog.conf settings. With the
stock syslog.conf and port 111 being blocked by IP chains, then that
/var/log/messages is the only place. Nothing else will show it because
nothing but the firewall "sees" it. Not even portsentry will see it
because the firewall blocks it before any connection is made.
Mikkel
--
Do not meddle in the affairs of dragons,
for you are crunchy and taste good with ketchup.
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
