From owner-freebsd-security  Thu Oct 12  0:12:46 2000
Delivered-To: freebsd-security@freebsd.org
Received: from obelix.rby.hk-r.se (obelix.rby.hk-r.se [194.47.134.4])
	by hub.freebsd.org (Postfix) with ESMTP id AE50537B503
	for <freebsd-security@freebsd.org>; Thu, 12 Oct 2000 00:12:43 -0700 (PDT)
Received: from orc.rby.hk-r.se (orc [194.47.134.179])
	by obelix.rby.hk-r.se (8.10.2/8.10.2) with ESMTP id e9C7CrK19448
	for <freebsd-security@freebsd.org>; Thu, 12 Oct 2000 09:12:53 +0200 (MEST)
Received: from localhost (t98pth@localhost)
	by orc.rby.hk-r.se (8.10.2/8.10.2) with ESMTP id e9C7CUs18642
	for <freebsd-security@freebsd.org>; Thu, 12 Oct 2000 09:12:31 +0200 (MET DST)
Date: Wed, 11 Oct 2000 23:46:08 +0200 (MET DST)
From: =?ISO-8859-1?Q?P=E4r_Thoren?= <t98pth@student.hk-r.se>
To: freebsd-security@freebsd.org
Subject: rpc.statd
Message-ID: <Pine.GSO.4.21.0010112337560.15640-100000@orc.rby.hk-r.se>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=ISO-8859-1
Content-Transfer-Encoding: QUOTED-PRINTABLE
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


Hi!

I got this today in my /var/log/messages


Oct 11 23:28:43 z rpc.statd: invalid hostname to sm_stat: ^X=F7=FF=BF^X=F7=
=FF=BF^Y=F7=FF=BF^Y=F7=FF=BF^Z=F7=FF=BF^Z=F7=FF=BF^[=F7=FF=BF^[=F7=FF=BF%8x=
%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%137x%n%10x%n%192x%nM-^PM-^PM-^PM-^PM-^PM-^P=
M-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^=
PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-=
^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM=
-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P=
M-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^=
PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-=
^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM=
-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P=
M-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^=
PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-=
^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM=
-^PM-^PM-^PM-^PM-^PM-^P


=2E.oh ..that=B4s a strange hostname.

Which exploit is it that the attacker tries to use? I guess I=B4m not
vulnerable cause I=B4m still around ;)

Also, where can I find the ip of the attacker? Is it logged?=20


/P=E4r





To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message