Date: Thu, 21 Oct 1999 23:44:48 -0500 (CDT)
From: Chris Malayter
To: "Sean O'Connell"
Cc: stable@freebsd.org
Subject: Re: some daemon (fwd)
In-Reply-To: <19991022003741.A20995@stat.Duke.EDU>

Sure enough, portmap it was, exploitable it wasn't

Thank you much sir.

Regards,

Chris Malayter
Mustang@TeraHertz.Net
-------------------------------------------------------------------------
Administrator, TeraHertz Communications
InterNIC CM3647
Postmaster, Chorus Networks, Inc.
-------------------------------------------------------------------------
"Behavior is hard to change...but character is nearly impossible"

On Fri, 22 Oct 1999, Sean O'Connell wrote:

> Someone could be attempting a buffer overflow attack on your box. Does
> the actual syslog entry in /var/log/xxxxxx (messages or whatever) list
> the source daemon? Do you have portmap accessible? Maybe they were
> trying the amd exploit.
>
> Hard to tell.
>
>
> On 1999 Oct 21, Chris Malayter (aka mustang@TeraHertz.Net) wrote:
> > We experienced some very weird messages on one of our main servers today.
> > Does anyone have any idea at #1 why this would occur, and #2 which daemon
> > would be the culprit for allowing these messages to be broadcast?
> >
> > Chris
> >
> > saturn:~>
> > Message from syslogd@epicuro.itab.unich.it at Thu Oct 21 18:11:54 1999 ...
> > epicuro.itab.unich.it
> > =>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$^M
> >
> > Message from syslogd@phobos.unich.it at Thu Oct 21 18:17:48 1999 ...
> > phobos.unich.it
> > =>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$^M
> >
> > Message from syslogd@ren.itab.unich.it at Thu Oct 21 20:44:52 1999 ...
> > ren.itab.unich.it
> > =>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$^M
> >
> > wtf?
>
> --
> -----------------------------------------------------------------------
> Sean O'Connell                                Email: sean@stat.Duke.EDU
> Institute of Statistics and Decision Sciences Phone: (919) 684-5419
> Duke University                               Fax:   (919) 684-8594