On Tue, Apr 17, 2001 at 04:16:45PM -0400, Ward William E DLDN wrote:
> Ok.... so after checking CERT, I've found there are well known
> exploits of rpc.statd, and that I'm probably being "Ramen"
> scanned in all likelihood.
>
> Since I've got the latest and greatest on the machine, I'm set.
> Now, I need to see why I'm not getting hits on my firewall logs
> for the FTP service scan which is associated with it... I THOUGHT
> I turned off FTP (it's not wu_ftp even then) since it wasn't needed,
> I guess I'll have to double check and ensure it IS shutdown.
Are you logging port 21? I get many hits on that one too. Having
watched this some time, the scans generally pick one port, maybe 111
or 53 or 21 or 515. They rarely hit more than one port at a time. This
is a summary of my last week's activity:
Rejected tcp packets by destination port
port count
21 23
111 13
139 12
53 5
27374 5
515 5
1080 4
Ramen/Lion/Adore would seem to be hot stuff right now.
--
Hal B
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
Spamtrap: [EMAIL PROTECTED] and [EMAIL PROTECTED]
--
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
