On Sun, 29 Oct 2000, Mikkel L. Ellertson wrote:
> On Sun, 29 Oct 2000, Brian wrote:
>
> >
> > When someone attempts the rpc.statd exploit to a Redhat 6.2 box, are their
> > no places their IP address gets logged? I see the attempts in
> > /var/log/messages, but nothing in any other files aligning to an ip
> > address.
> >
> > Brian
> >
> It depends on your firewall setup and your syslog.conf settings. With the
> stock syslog.conf and port 111 being blocked by IP chains, then that
> /var/log/messages is the only place. Nothing else will show it because
> nothing but the firewall "sees" it. Not even portsentry will see it
> because the firewall blocks it before any connection is made.
but what if you don't have it ipchained...........I see the rpc.statd
request in messages, but still no ip logged.
Brian
>
> Mikkel
> --
>
> Do not meddle in the affairs of dragons,
> for you are crunchy and taste good with ketchup.
>
>
>
> _______________________________________________
> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list
>
-----------------------------------------------
Brian Feeny, CCNP, CCDP [EMAIL PROTECTED]
Network Administrator
ShreveNet Inc. (ASN 11881)
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
