Firewall Wizards mailing list archives
Re: rpc.statd message log
From: Devdas Bhagat <devdas () dvb homelinux org>
Date: Thu, 24 Apr 2003 22:00:58 +0530
On 24/04/03 12:05 -0400, Robert E. Martin wrote:
<snip>
> I believe that the machine has been compromised, but do not find any trace using cert.org recommended Intruder Detection Checklist. I have

IIRC, you use Linux. What distro (RH 6.2?). Patch level? Run chkrootkit, and validate checksums for binaries from a clean booted system (not booted from the possibly compromised disk) using an alternate md5sum and kernel binary.

> stopped the rpc.statd service, since we don't use this at ALL!

That should have been stopped as part of OS hardening itself.

Devdas Bhagat

> http://www.kb.cert.org/vuls/id/34043
> Any thoughts? Anyone?
> --
> Robert E Martin
> IT Manager
> Fishburne Military School
> rmartin () fishburne org
> 540.946.7726
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () honor icsalabs com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
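The checksum validation recommended in the reply above, sketched as an added example that is not part of the original message or thread: run from rescue media with the suspect disk mounted read-only, it compares binaries against a known-good md5sum-format manifest using the rescue system's own hashing code rather than anything on the suspect disk. The mount point, manifest file and function names are assumptions.

```python
import hashlib
import os
import sys


def md5_file(path, bufsize=1 << 20):
    """Hash a file in chunks with the rescue system's own MD5 implementation."""
    h = hashlib.md5()  # MD5 only because the baseline is in md5sum format
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(bufsize), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_manifest(text):
    """Parse md5sum output lines: '<digest>  <path>' or '<digest> *<path>'."""
    baseline = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, path = line.split(None, 1)
        baseline[path.lstrip("*")] = digest.lower()
    return baseline


def verify(root, baseline):
    """Check baseline paths under `root`, the mount point of the suspect disk."""
    findings = []
    for path, want in sorted(baseline.items()):
        target = os.path.join(root, path.lstrip("/"))
        if os.path.islink(target):
            # Do not follow: an absolute link would resolve into the rescue
            # system and hash a clean file instead of the suspect one.
            findings.append(("SYMLINK", path))
        elif not os.path.isfile(target):
            findings.append(("MISSING", path))
        elif md5_file(target) != want:
            findings.append(("MODIFIED", path))
    return findings


if __name__ == "__main__":
    # Assumed usage (hypothetical names): verify.py /mnt/suspect known-good.md5
    with open(sys.argv[2]) as manifest:
        results = verify(sys.argv[1], parse_manifest(manifest.read()))
    for status, path in results:
        print(status, path)
    sys.exit(1 if results else 0)
```

The manifest has to come from a source the suspect host could not have altered, such as vendor packages or a baseline stored offline.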
Current thread:
- rpc.statd message log Robert E. Martin (Apr 24)
- Re: rpc.statd message log Devdas Bhagat (Apr 24)
- Re: rpc.statd message log R. DuFresne (Apr 24)
- <Possible follow-ups>
- RE: rpc.statd message log Melson, Paul (Apr 24)
- Re: rpc.statd message log Robert E. Martin (Apr 25)
- RE: rpc.statd message log Melson, Paul (Apr 25)