From: Brandon Fosdick
To: stable@freebsd.org
Date: Mon, 17 Sep 2001 12:00:47 -0400
Subject: Odd log entry
Message-ID: <3BA61E2F.13AB177A@glue.umd.edu>

Recently this has started showing up in my logs

Aug 20 21:09:18 uav /kernel: PM-^PM-^P
...
Aug 29 08:44:03 uav mountd[137]: umountall request from 128.8.215.158 from unprivileged port
Aug 29 08:44:11 uav last message repeated 3 times

and this is in the daily security check output...

uav.umd.edu kernel log messages:
> -- MARK --
> syslogd: /dev/console: Interrupted system call

This particular machine has been under continuous bombardment since February. So far it's only been the supposedly harmless rpc.statd exploit. Seeing these new log entries has me a little worried. The unmountall requests are originating on the machine itself (128.8.215.158) which makes me nervous. This box is running 4.4-RC5 and is completely headless (no video card, no keyboard, no mouse) and is configured for a serial console.

Do I have anything to worry about?
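
For anyone triaging the same kind of entries, the following is an added example, not part of the original message: it tallies mountd "from unprivileged port" requests per source address, expands syslogd's "last message repeated N times" lines so the counts are not understated, and marks sources that are one of the host's own addresses. The function name, the sample lines (constructed, modeled on the entries quoted above) and the caller-supplied set of local addresses are assumptions.

```python
import re
from collections import Counter

# Constructed sample, modeled on the log entries quoted in the message.
SAMPLE_LOG = """\
Aug 29 08:44:03 uav mountd[137]: umountall request from 128.8.215.158 from unprivileged port
Aug 29 08:44:11 uav last message repeated 3 times
Aug 29 09:10:40 uav mountd[137]: mount request from 192.0.2.77 from unprivileged port
Aug 29 09:12:00 uav sshd[412]: Connection closed by 192.0.2.77
Aug 29 09:12:05 uav last message repeated 2 times
"""

STAMP = r"^\w{3}\s+\d+ [\d:]{8} (?P<host>\S+) "
MOUNTD_RE = re.compile(
    STAMP + r"mountd\[\d+\]: (?P<req>\w+) request from "
    r"(?P<src>\d+\.\d+\.\d+\.\d+) from unprivileged port$"
)
REPEAT_RE = re.compile(STAMP + r"last message repeated (?P<n>\d+) times?$")


def tally_unprivileged_requests(log_text, local_addrs):
    """Return Counter keyed by (source_ip, request_type, is_local_address)."""
    counts = Counter()
    last = {}  # per logging host: key of the previous line if it was a match
    for line in log_text.splitlines():
        m = MOUNTD_RE.match(line)
        if m:
            key = (m["src"], m["req"], m["src"] in local_addrs)
            counts[key] += 1
            last[m["host"]] = key
            continue
        r = REPEAT_RE.match(line)
        if r:
            # A repeat line refers to the line logged just before it.
            key = last.get(r["host"])
            if key is not None:
                counts[key] += int(r["n"])
            continue
        # Any other message ends the run; a later repeat line is not ours.
        fields = line.split()
        if len(fields) >= 4:
            last[fields[3]] = None
    return counts


if __name__ == "__main__":
    # 128.8.215.158 is the machine's own address according to the message.
    for (src, req, local), n in tally_unprivileged_requests(
            SAMPLE_LOG, {"128.8.215.158"}).items():
        print(f"{n:4d}  {req:<10} {src:<16} {'LOCAL' if local else 'remote'}")
```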