By default nothing logs statd traffic.  This would be a good task for
ipchains - a rule to log these connections.

- rick warner

On Sun, 29 Oct 2000, Brian wrote:

> On Sun, 29 Oct 2000, Mikkel L. Ellertson wrote:
> 
> > On Sun, 29 Oct 2000, Brian wrote:
> > 
> > > 
> > > When someone attempts the rpc.statd exploit to a Redhat 6.2 box, are there
> > > no places their IP address gets logged?  I see the attempts in
> > > /var/log/messages, but nothing in any other files aligning to an ip
> > > address.
> > > 
> > > Brian
> > > 
> > It depends on your firewall setup and your syslog.conf settings.  With the
> > stock syslog.conf and port 111 being blocked by IP chains, then that
> > /var/log/messages is the only place.  Nothing else will show it because
> > nothing but the firewall "sees" it.  Not even portsentry will see it
> > because the firewall blocks it before any connection is made.
> 
> But what if you don't have it ipchained... I see the rpc.statd
> request in messages, but still no IP logged.
> 
> Brian
> 
> 
> > 
> > Mikkel
> > -- 
> > 
> >     Do not meddle in the affairs of dragons,
> >  for you are crunchy and taste good with ketchup.
> > 
> > 
> > 
> > _______________________________________________
> > Redhat-list mailing list
> > [EMAIL PROTECTED]
> > https://listman.redhat.com/mailman/listinfo/redhat-list
> > 
> 
> -----------------------------------------------
> Brian Feeny, CCNP, CCDP       [EMAIL PROTECTED]   
> Network Administrator       
> ShreveNet Inc. (ASN 11881)          
> 
> 
> 
> 
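One way to build the logging rule suggested at the top of this message, as an added example that is not part of the original thread. It assumes statd is registered with the portmapper as RPC program 100024 ("status") and also covers the portmapper itself (program 100000, port 111); the function name and the sample `rpcinfo -p` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: emit ipchains logging rules for rpc.statd and the portmapper.
# statd gets its port from the portmapper, so the port is looked up from
# `rpcinfo -p` output rather than hard-coded.

# Reads `rpcinfo -p` output on stdin and prints one ipchains command per
# distinct protocol/port registered for program 100000 or 100024.
# The rules carry -l (log) and no -j target, so they only log and count;
# whether the packet is accepted or denied is left to the rules after them.
statd_log_rules() {
    awk '
        $1 == 100000 || $1 == 100024 {
            key = $3 " " $4
            if (seen[key]++) next               # several versions share one port
            syn = ($3 == "tcp") ? " -y" : ""    # TCP: log connection attempts (SYN) only
            printf "ipchains -I input 1 -p %s%s -d 0/0 %s -l\n", $3, syn, $4
        }'
}

# Constructed sample of `rpcinfo -p` output (port numbers are made up).
SAMPLE_RPCINFO='   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp    967  status
    100024    1   tcp    969  status
    100021    1   udp   1024  nlockmgr'

# Print the rules for review. On a live host: rpcinfo -p | statd_log_rules | sh
printf '%s\n' "$SAMPLE_RPCINFO" | statd_log_rules
```

Packets matching an `-l` rule are written to the kernel log with their source address and port. The rules have to sit ahead of any DENY rule for the same ports, which is why they are inserted at position 1, and they need regenerating if statd comes up on a different port after a restart.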
