Date: Fri, 14 Sep 2001 08:51:40 -0600 From: Mike Porter <mupi@mknet.org> To: "David DeTinne" <David@DeTinne.com>, freebsd-questions@freebsd.org Subject: Re: Possible Attack Message-ID: <200109141451.f8EEpfc29800@c1828785-a.saltlk1.ut.home.com> In-Reply-To: <200109131755480608.0773527C@63.204.69.245> References: <200109131755480608.0773527C@63.204.69.245>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thursday 13 September 2001 06:55 pm, David DeTinne wrote: > Could someone explain why I continus to see > ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM- scroll across my screen? Is this what > the remote telnetd script does to the receiving machine? If you could CC a > reply to me, I would appreciate it. > > Thanks, > > David DeTinne This is a symptom of an rpc.statd linux attack. It probably says something like "rpc.statd: invalid hostanme to sm_stat: ^PM-^PM-^PM.... " for about six lines. As far as I understand, our version of rpc isn't vulnerable to this. I haven't (yet) figured out how to block this in ipf. Anyone have any pointers? mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200109141451.f8EEpfc29800>