Re: odd proftpd activity
From: Jem Berkes (jb_dontuse.delete@pc9.org)Date: 04/26/02
- Next message: ClarkVent: "Re: Has my webserver been hacked?"
- Previous message: JohnSeth: "Re: spam blocker?"
- In reply to: Thor Jansen: "Re: odd proftpd activity"
- Next in thread: Nomen Nescio: "Re: odd proftpd activity"
- Reply: Nomen Nescio: "Re: odd proftpd activity"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Jem Berkes <jb_dontuse.delete@pc9.org> Date: Fri, 26 Apr 2002 19:14:08 GMT
>> 111/tcp open sunrpc
>> 111/udp open sunrpc
>
> There's hardly ever a good reason to have sunrpc running.
>
>> 1024/udp open unknown
>
> Hmm, what's this? Do you know what app is listening on this port?
Be careful about the "sunrpc" (portmapper), there were lots of vulnerable
versions that could lead to a root compromise by a very simple remote
attack. Disable that service for sure, and check for signs of an intrusion.
- Next message: ClarkVent: "Re: Has my webserver been hacked?"
- Previous message: JohnSeth: "Re: spam blocker?"
- In reply to: Thor Jansen: "Re: odd proftpd activity"
- Next in thread: Nomen Nescio: "Re: odd proftpd activity"
- Reply: Nomen Nescio: "Re: odd proftpd activity"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
