Date:      Mon, 10 Dec 2001 08:10:45 +0100
From:      "BSDJunk" <BSDJunk@bzerk.org>
To:        <jacks@sage-american.com>, "Jim Conner" <jconner@enterit.com>
Cc:        <freebsd-questions@FreeBSD.ORG>
Subject:   Re: Intruder attempts?
Message-ID:  <048101c18149$ca0363a0$0801a8c0@lan.1729.net>
References:  <5.1.0.14.0.20011210014602.04020258@mail.enterit.com>


Portmap has nothing to do with rsh or rcp. It is needed for NFS servers and
for NIS, e.g.

----- Original Message -----
From: "Jim Conner" <jconner@enterit.com>
To: <jacks@sage-american.com>
Cc: <freebsd-questions@FreeBSD.ORG>
Sent: Monday, December 10, 2001 7:46 AM
Subject: Re: Intruder attempts?


> At 07:58 12.09.2001 -0600, jacks@sage-american.com wrote:
> >I've noticed this often on the console of the server and appears to be
> >intruder attempts to login: This is just a snippet:
> >
> ><snip/>
> >server1.net kernel log messages:
> > > Dec  8 03:41:47 sage-one rpc.statd: invalid hostname to sm_stat:
> >^X\M-w\M^?\M-?^X\M-w\M^?\M-?^Y\M-w\M^?\M-?^Y\M-w\M^?\M-?^Z\M-w\M^?\M-?^Z\M-w
> >\M^?\M-?^[\M-w\M^?\M-?^[\M-w\M^?\M-?%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%137x%
> >n%10x%n%192x%nM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P
> ></snip>
> >
>
> This is a bad thing.  This is somebody attempting to use a buffer overflow
> exploit against your rpc services.  If you don't need them, I suggest you
> turn portmap off.  That means that if you don't want or need people
> rsh'ing, rcp'ing, etc into your box, turn off portmap.
>
> - Jim
>
>
> >Best regards,
> >Jack L. Stone,
> >Server Admin
> >
> >Sage-American
> >http://www.sage-american.com
> >jacks@sage-american.com
> >
> >To Unsubscribe: send mail to majordomo@FreeBSD.org
> >with "unsubscribe freebsd-questions" in the body of the message
>
>
>
> - Jim
>
> -~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-
> http://www.perlmonks.org/index.pl?node_id=67861&lastnode_id=67861


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
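
Added example (not part of the original thread): a small detector for the kind of rpc.statd log line quoted above. It flags printf-style conversions, in particular %n, and escaped non-printable bytes in the sm_stat argument. The sample lines are constructed, modelled on the quoted log, and all function and variable names are illustrative.

```python
import re

# Message text as it appears in the log quoted in the thread.
STATD = re.compile(r'^(\w{3}\s+\d+ [\d:]{8}) (\S+) rpc\.statd(?:\[\d+\])?: '
                   r'invalid hostname to sm_stat:\s*(.*)$')
# printf-style conversions such as %8x, %236x and %n.
CONV = re.compile(r'%\d*(?:\$\d*)?[hl]*([nxXdups])')
# Escaped non-printable bytes in the notation seen in the quoted log:
# \M-w, \M^?, ^X and M-^P (M-^P is the escaped form of byte 0x90).
ESCAPED = re.compile(r'\\M-\^.|\\M[-^].|M-\^.|\^[@-_?]')

def classify(line):
    """Return None for unrelated lines, else a summary of the sm_stat argument."""
    m = STATD.match(line)
    if not m:
        return None
    when, host, arg = m.groups()
    convs = CONV.findall(arg)
    writes = convs.count('n')   # %n stores a count through a pointer argument
    escaped = len(ESCAPED.findall(arg))
    if writes:
        verdict = 'format-string probe'
    elif convs or escaped:
        verdict = 'suspicious'
    else:
        verdict = 'malformed name'
    return {'when': when, 'host': host, 'writes': writes,
            'conversions': len(convs), 'escaped_bytes': escaped,
            'verdict': verdict}

def scan(lines):
    """Return findings for lines that carry conversions or escaped bytes."""
    return [r for r in map(classify, lines)
            if r and r['verdict'] != 'malformed name']

# Constructed sample input: a shortened line modelled on the quoted log,
# a harmless bad host name, and an unrelated daemon message.
SAMPLE = [
    r'Dec  8 03:41:47 sage-one rpc.statd: invalid hostname to sm_stat: '
    r'^X\M-w\M^?\M-?^Y\M-w\M^?\M-?%8x%8x%8x%236x%n%137x%n%10x%nM-^PM-^PM-^P',
    'Dec  8 03:50:12 sage-one rpc.statd: invalid hostname to sm_stat: bad_host!name',
    'Dec  8 03:52:40 sage-one sshd[411]: Connection closed by 192.0.2.7',
]

if __name__ == '__main__':
    for finding in scan(SAMPLE):
        print(finding)
```
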



