From owner-freebsd-questions  Tue Jan 16 16:49:26 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from what.ifelse.org (what.ifelse.org [208.171.40.202])
	by hub.freebsd.org (Postfix) with ESMTP id 904D337B404
	for <freebsd-questions@FreeBSD.ORG>; Tue, 16 Jan 2001 16:49:06 -0800 (PST)
Received: from d15.interaccess.net (d15.interaccess.net [216.85.64.15])
	by what.ifelse.org (8.9.3/8.9.3/Debian 8.9.3-21) with ESMTP id TAA18145;
	Tue, 16 Jan 2001 19:38:30 -0500
Date: Tue, 16 Jan 2001 19:43:21 -0500 (EST)
From: billt <billt@what.ifelse.org>
X-X-Sender:  <billt@zaius.poa>
To: Jon Loeliger <jdl@jdl.com>
Cc: <freebsd-questions@FreeBSD.ORG>
Subject: Re: rpc.statd weirdness?
In-Reply-To: <200101162328.RAA08648@chrome.jdl.com>
Message-ID: <Pine.BSF.4.31.0101161932290.941-100000@zaius.poa>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Tue, 16 Jan 2001, Jon Loeliger wrote:

> Folks,
>
> Can anyone give me a hint as to what might be causing an odd
> message in my /var/log/messages file that looks like this:
>
>   Jan 12 00:28:11 chrome rpc.statd: invalid hostname to sm_stat: ^Xw^??^
>   Xw^??^Yw^??^Yw^??^Zw^??^Zw^??^[w^??^[w^??%8x%8x%8x%8x%8x%8x%8x%8x%8x%2
>   36x%n%137x%n%10x%n%192x%n^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P
>
> And there follows around 1000 ^P characters.

Could be that someone is trying to break in using a linux rpc.statd
exploit.

Check out: <http://www.cert.org/advisories/CA-2000-17.html>



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message