LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 04-29-2002, 01:03 AM   #1
psyklops
Member
 
Registered: Jan 2002
Location: Los Angeles
Distribution: RedHat 9.0
Posts: 216

Rep: Reputation: 30
New to Port Sentry


Im new to using port sentry and was parsing the syslogs and saw this:

Apr 28 21:32:23 psyklopsbox rpc.statd[739]: gethostbyname error for ^X^X^Y^Y^Z^Z^[^[%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%137x%n%10x%n%192x%n\220\220\220\220\220\220\220\220\220\220\22 0\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\22 0\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\22 0\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\22 0\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\22 0\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\22 0\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\22 0\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\22 0\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\22 0\220\220\220\220\220\220\220


Ok it came out sorta screwy when I pasted it but I think you get the point. I have both -udp and -tcp enabled. It seems to bind to all other watched ports fine except this. Is this something I need to worry about? I checked the man for rpc.statd and everything seems alright but I got such a long strange error I thought Id check in with you guys.
 
Old 04-29-2002, 06:20 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,371
Blog Entries: 55

Rep: Reputation: 3555Reputation: 3555Reputation: 3555Reputation: 3555Reputation: 3555Reputation: 3555Reputation: 3555Reputation: 3555Reputation: 3555Reputation: 3555Reputation: 3555
This syslogd entry is an old rpc buffer overflow 'sploit from the RH6.2 days. Your box ain't vulnerable there. Does remind you to check what services you *really* need running tho.

*Also consider upgrading from Portsentry to Snort for in-depth analysis of traffic instead of just dumb ppl hitting ports...
 
Old 04-29-2002, 01:31 PM   #3
psyklops
Member
 
Registered: Jan 2002
Location: Los Angeles
Distribution: RedHat 9.0
Posts: 216

Original Poster
Rep: Reputation: 30
Thanks I had snort installed before this. I use it in IDS, logging in binary. I also have IP chains configured. In RH 7.2 they give you the option to do this. Im pretty new to this security on Linux. Is there anything else I could use? If not then for now Ill be returning with questions on snort, tcpdump, ipchains, and portsentry. Get to know these and then move on to another aspect of linux that I never got to work properly... recompiling the kernel.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
PLESK [Solution] Change port to 23 (telnet) instead of default port 8443 x5452 Linux - Software 6 05-10-2009 05:58 AM
Using serial port card(PCMCIA) with IPAQ running Linux, can't find ttyS0 port d2army Linux - Laptop and Netbook 0 11-12-2005 08:07 PM
Sentry LiveCD Firewall Root password Jkm3141 Linux - Distributions 1 06-29-2005 01:09 PM
Proxy server flodded by requests on port 53 & port 25 saurabh_sahni Linux - Networking 1 04-26-2005 03:01 PM
--destination-ports port[,port[,port...]] KevinGuy Linux - Networking 1 03-16-2004 06:06 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 03:56 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration