[Dshield] subnets, labrea, and sunrpc
dshield at webfocus.com
Sun Mar 24 19:07:23 GMT 2002
From what I have gathered so far from the E-mails you have posted, your
networking knowledge is very limited. Whether you want people to help
you or not is up to you. If you don't want to post things here there is
always private E-mail (like the private E-mail I sent you once). If you
are as paranoid as some of the posts seem, you might want to hire a
Network Security expert or invest in some classes or books on Network
At 09:30 PM 3/23/2002 -0500, you wrote:
>Actually guys, concerning subnets, would you tell James yours via this line?
Well, you have a cable modem, you are on comcast.net, you post from
pcp890159pcs.centrl01.va.comcast.net [220.127.116.11] and your computer name
is pinn.net. As soon as you send an E-mail this all becomes public information.
Because you are a Cable Subscriber you are more likely on the same network
segment as other people in your neighborhood. If that is the case then the
lights flashing on your Cable modem box may be just traffic of the other
computers on the network segment. Not your Internal Network. Someone on
the same Network Segment that you are on with comcast could have a
misconfigured PC. This is just one part that needs to be looked at.
>I uninstalled the previous version of labrea, probably should have left it
>in is the problem. Either that or other miscellaneous stuff, but it
>doesn't do make install, only make. I have no idea where it went, I looked
>in all those places.
Look in the Makefile and you will see what the options are if you know how
Makefiles are put together. Some of the common options
are All, Install, Remove. These are what I have used in the past.
>Well I had to tighten this computer up first anyway, that was my first
>linux install and though pretty it wasn't real secure. Had to start
>somewhere...I fixed it hopefully, definitely it's tighter now... after
>noticing things I attempted to download were also disappearing to never
>never land I got the hint... sunrpc connecting to some 216.xxx (a google
>webbot?) address all day... what is sunrpc is probably a much better question.
" Sun's RPC (Remote Procedure Call) forms the basis of many UNIX services,
especially NFS (Network File System). However, RPC is extremely dangerous
when left exposed to the Internet, which leads to frequent compromise of
servers based upon Sun Solaris and Linux. RPC should never be exposed to
Then again, any search tool will allow you to find this information, or any
good networking Book for that matter.
>Something got in here hard the other night so I started over. After the
>desktop starts shaking... well I am sure you know the rest. It took them
>about 4 weeks this time though, as opposed to 20-48 hours on my windows
>machines. At least that's something. And that was a standard RH 7.2
>install with very little or no tweaking.
Is this the same system that you said was secure?
My suggestion would be to invest in a Firewall Appliance. There are many
out there that do a wonderful job. The cost is not that out of line as
some would think. You can find them starting in price from 300 to 700
dollars. These would protect a small network with no problems at
all. Easy to manage also.
One has to look at the Time, Cost and level of Security that is needed.