LinuxQuestions.org


psyklops 04-29-2002 01:03 AM

New to Port Sentry
 
I'm new to using port sentry and was parsing the syslogs and saw this:

Apr 28 21:32:23 psyklopsbox rpc.statd[739]: gethostbyname error for ^X÷ÿ¿^X÷ÿ¿^Y÷ÿ¿^Y÷ÿ¿^Z÷ÿ¿^Z÷ÿ¿^[÷ÿ¿^[÷ÿ¿%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%137x%n%10x%n%192x%n\220\220\220\220\220\220\220\220\220\220\22 0\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\22 0\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\22 0\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\22 0\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\22 0\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\22 0\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\22 0\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\22 0\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\22 0\220\220\220\220\220\220\220


OK, it came out sorta screwy when I pasted it, but I think you get the point. I have both -udp and -tcp enabled. It seems to bind to all other watched ports fine except this. Is this something I need to worry about? I checked the man for rpc.statd and everything seems alright, but I got such a long strange error I thought I'd check in with you guys.

unSpawn 04-29-2002 06:20 AM

This syslogd entry is an old rpc buffer overflow 'sploit from the RH6.2 days. Your box ain't vulnerable there. Does remind you to check what services you *really* need running tho.

*Also consider upgrading from Portsentry to Snort for in-depth analysis of traffic instead of just dumb ppl hitting ports...
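A defender-side check for entries like the one pasted above, added here as an example and not code from the thread or from the Portsentry, Snort or rpc.statd projects: it scans syslog text for rpc.statd "gethostbyname error" lines whose supposed hostname carries %n format-string directives or a run of \220 (octal for 0x90) bytes, the two tell-tales in the quoted line. The sample log lines are constructed, not taken from the post.

```python
import re

# Constructed sample syslog text (not the original post's log). Line 1 mimics the
# hostile entry: %n directives plus a \220 run; line 2 is a benign lookup failure.
SAMPLE_LOG = """\
Apr 28 21:32:23 psyklopsbox rpc.statd[739]: gethostbyname error for %8x%8x%236x%n%137x%n\\220\\220\\220\\220\\220\\220\\220\\220
Apr 28 21:40:01 psyklopsbox rpc.statd[739]: gethostbyname error for nfsclient.example.invalid
Apr 28 21:41:07 psyklopsbox sshd[812]: Accepted publickey for alice from 192.0.2.10 port 51022
"""

# Classic syslog layout: "Mon DD HH:MM:SS host rpc.statd[pid]: gethostbyname error for <arg>"
STATD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) rpc\.statd\[(?P<pid>\d+)\]: "
    r"gethostbyname error for (?P<arg>.*)$"
)
# syslog renders byte 0x90 as the octal escape \220; eight or more in a row is a NOP sled
NOP_RE = re.compile(r"(?:\\220){8,}")


def scan(log_text):
    """Return one finding per rpc.statd gethostbyname error, flagging exploit markers."""
    findings = []
    for line in log_text.splitlines():
        m = STATD_RE.match(line)
        if not m:
            continue  # not an rpc.statd lookup failure
        arg = m.group("arg")
        reasons = []
        n_writes = arg.count("%n")  # %n writes to memory: never part of a real hostname
        if n_writes:
            reasons.append(f"{n_writes} x %n write directive")
        if NOP_RE.search(arg):
            reasons.append("NOP sled (\\220 run)")
        if any(ord(c) < 32 or ord(c) > 126 for c in arg):
            reasons.append("non-printable bytes in hostname")
        findings.append({
            "host": m.group("host"),
            "pid": int(m.group("pid")),
            "arg_len": len(arg),
            "suspicious": bool(reasons),
            "reasons": reasons,
        })
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        tag = "SUSPICIOUS" if f["suspicious"] else "benign"
        print(f"{tag}: rpc.statd[{f['pid']}] on {f['host']} {'; '.join(f['reasons'])}")
```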

psyklops 04-29-2002 01:31 PM

Thanks, I had Snort installed before this. I use it in IDS, logging in binary. I also have ipchains configured. In RH 7.2 they give you the option to do this. I'm pretty new to this security on Linux. Is there anything else I could use? If not, then for now I'll be returning with questions on Snort, tcpdump, ipchains, and Portsentry. Get to know these and then move on to another aspect of Linux that I never got to work properly... recompiling the kernel.
