From: "Will Mitayai Keeso Rowe"
Subject: RE: strange messages
Date: Thu, 8 Mar 2001 09:33:30 -0500

According to CERT (the latest statd message seems to be
http://www.kb.cert.org/vuls/id/34043) FreeBSD is not vulnerable to rpc.statd
problems.

But, I still have a question... how can I better log attempts to hack my
machine's rpc.statd? It would be nice to have an IP of the connecting box so
I can see if they are doing it remotely or by an account on my machine.

-Mit

:-----Original Message-----
:From: tjk@tksoft.com [mailto:tjk@tksoft.com]
:Sent: March 8, 2001 09:29 AM
:To: Will Mitayai Keeso Rowe
:Cc: freebsd-security@FreeBSD.ORG
:Subject: Re: strange messages
:
:
:rpc.statd has known problems.
:
:Please look at http://www.cert.org/ and look for rpc.statd.
:
:I would be concerned, but that's me.
:
:Most RPC services are just big holes, when opened to the
:Internet. (My opinion. If you disagree, I already agree with you. Fine.)
:
:
:
:Troy
:
:>
:>
:> I noticed the following messages in my logs...
:> anything I should be worried about? Is there a way to log this better
:> next time so I can get IPs and such?
:>
:> Regards,
:> Mit
:>
:> Weirdness:
:>
:> Mar 7 00:07:55 machine rpc.statd: invalid hostname to sm_stat:
:^X÷ÿ¿^X÷ÿ¿^Y÷ÿ¿^Y÷ÿ¿^Z÷ÿ¿^Z÷ÿ¿^[÷ÿ¿^[÷ÿ¿%8x%8x%8x%8x%8x%8x%8x%8x%8x
:%236x%n%137x%n%10x%n%192x%nM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P
:M-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^
:PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-
:^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM
:-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P
:M-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^
:PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-
:^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM
:-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P
:M-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^
:PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-
:^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM
:-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^!
:!
:> PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P
:> Mar 7 00:07:55 machine /kernel: -^PM-^PM-^P
:>
:> System:
:>
:> FreeBSD machine 4.2-STABLE FreeBSD 4.2-STABLE #3: Mon Feb 19 11:19:05 EST
:> 2001 root@machine:/usr/obj/usr/src/sys/machine i386
:>
:>
:> --
:> ---
:> Will Mitayai Keeso Rowe
:> Toronto, Ontario, Canada
:> mitayai@dreaming.org
:>
:>
:> To Unsubscribe: send mail to majordomo@FreeBSD.org
:> with "unsubscribe freebsd-security" in the body of the message
:>
:
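
One way to flag log entries like the one quoted in this thread when reviewing syslog output, as an added example that is not part of the original messages. The ^X and M-^P escape forms are taken from the quoted line; the sample lines, the function names and the 16-byte threshold are assumptions made for illustration.

```python
import re

# Constructed sample lines: the first is modelled on the entry quoted in the
# thread (sled shortened to 40 bytes), the second is a benign hostname error.
SAMPLE_LOG = [
    "Mar  7 00:07:55 machine rpc.statd: invalid hostname to sm_stat: "
    "^X\u00f7\u00ff\u00bf%8x%8x%8x%236x%n%137x%n" + "M-^P" * 40,
    "Mar  7 00:09:12 machine rpc.statd: invalid hostname to sm_stat: host%20a",
]

FIELD = re.compile(r"rpc\.statd: invalid hostname to sm_stat: (?P<arg>.*)$")
DIRECTIVE = re.compile(r"%\d*([a-zA-Z])")   # printf directive: width + conversion
ESCAPED = re.compile(r"(M-)?\^(.)")         # escaped bytes as logged: ^X, M-^P
SLED_MIN = 16                               # assumed threshold, tune locally


def decode_escapes(text):
    """Turn ^X / M-^X escapes back into byte values (heuristic: a literal '^'
    in the text is also treated as an escape)."""
    def repl(m):
        value = (ord(m.group(2)) ^ 0x40) & 0x7F
        return chr(value | 0x80 if m.group(1) else value)
    return ESCAPED.sub(repl, text)


def classify(line):
    """Indicator counts for one sm_stat error line, or None for other lines."""
    m = FIELD.search(line)
    if m is None:
        return None
    arg = m.group("arg")
    convs = DIRECTIVE.findall(arg)
    runs = re.findall("\x90+", decode_escapes(arg))
    found = {
        "write_directives": convs.count("n"),      # %n in a hostname field
        "hex_directives": convs.count("x"),        # %x padding/stack reads
        "longest_0x90_run": max(map(len, runs), default=0),
    }
    found["suspicious"] = (found["write_directives"] > 0
                           or found["longest_0x90_run"] >= SLED_MIN)
    return found


def scan(lines):
    """Return (line_number, indicators) for every suspicious line."""
    results = ((n, classify(line)) for n, line in enumerate(lines, start=1))
    return [(n, found) for n, found in results if found and found["suspicious"]]
```

Passing the lines of a syslog file to scan() gives the line numbers to review; the log line itself carries no peer address, so this only identifies when such a request arrived.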