Date: Thu, 21 Oct 1999 23:44:48 -0500 (CDT) From: Chris Malayter <mustang@TeraHertz.Net> To: "Sean O'Connell" <sean@stat.Duke.EDU> Cc: stable@freebsd.org Subject: Re: some daemon (fwd) Message-ID: <Pine.BSF.4.05.9910212344120.44131-100000@saturn.terahertz.net> In-Reply-To: <19991022003741.A20995@stat.Duke.EDU>
next in thread | previous in thread | raw e-mail | index | archive | help
Sure enough, portmap it was, exploitable it wasn't
Thank you much sir.
Regards,
Chris Malayter
Mustang@TeraHertz.Net
-------------------------------------------------------------------------
Administrator, TeraHertz Communications | |
| InterNIC CM3647 |
Postmaster, Chorus Networks, Inc. | |
-------------------------------------------------------------------------
"Behavior is hard to change...but character is nearly impossible"
On Fri, 22 Oct 1999, Sean O'Connell wrote:
> Someone could be attemping a buffer overflow attack on your box. Does
> the actual syslog entry in /var/log/xxxxxx (messages or whatever) list
> the source daemon? Do you have portmap accessible? Maybe they were
> trying the amd exploit.
>
> Hard to tell.
>
>
> On 1999 Oct 21, Chris Malayter (aka mustang@TeraHertz.Net) wrote:
> > We experienced some very wierd messages on one of our main servers today.
> > Does anyone have any idea at #1 why this would occur, and #2 which daemon
> > would be the culprit for allowing these messages to be broadcast?
> >
> > Chris
> >
> > saturn:~>
> > Message from syslogd@epicuro.itab.unich.it at Thu Oct 21 18:11:54 1999 ...
> > epicuro.itab.unich.it
> > =>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$^M
> >
> > Message from syslogd@phobos.unich.it at Thu Oct 21 18:17:48 1999 ...
> > phobos.unich.it
> > =>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$^M
> >
> > Message from syslogd@ren.itab.unich.it at Thu Oct 21 20:44:52 1999 ...
> > ren.itab.unich.it
> > =>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$^M
> >
> > wtf?
> >
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-stable" in the body of the message
>
> --
> -----------------------------------------------------------------------
> Sean O'Connell Email: sean@stat.Duke.EDU
> Institute of Statistics and Decision Sciences Phone: (919) 684-5419
> Duke University Fax: (919) 684-8594
>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.9910212344120.44131-100000>