Date:      Mon, 4 Jun 2001 10:06:15 +0300
From:      Peter Pentchev <roam@orbitel.bg>
To:        Josh Thomas <jdt2101@ksu.edu>
Cc:        freebsd-security@freebsd.org
Subject:   Re: rpc.statd attack before ipfw activated
Message-ID:  <20010604100615.B31878@ringworld.oblivion.bg>
In-Reply-To: <Pine.GSO.4.21L.0106040126530.3155-100000@unix1.cc.ksu.edu>; from jdt2101@ksu.edu on Mon, Jun 04, 2001 at 01:30:42AM -0500
References:  <3B1A92C6.8030301@bsd.st> <Pine.GSO.4.21L.0106040126530.3155-100000@unix1.cc.ksu.edu>

On Mon, Jun 04, 2001 at 01:30:42AM -0500, Josh Thomas wrote:
> I didn't set up ipfw for a couple of days in between setting up a small
> nfs server for an in-home lan, and I got this in my system log.  I realize
> that I should have set up ipfw before doing this now, but any ideas what
> just happened?  Here is the log:
> Jun  2 19:36:41 thatguys rpc.statd: invalid hostname to
> sm_stat: ^X\xf7\xff\xbf^
[snip]
> 
> And it cut off there.  This is a home machine, and yes, I realize that a
> firewall should have been running first, however, I didn't have time.  I'm
> a relative novice to rpc and nfs in general, so any clues would be
> appreciated.  Thanks,

There is no known vulnerability in recent FreeBSD rpc.statd(8).  However,
there *have* been known vulnerabilities in rpc.statd's of several other
OS's in relatively recent versions.  What you are seeing is someone
trying to exploit such a vulnerability, and failing, causing no harm
whatsoever to your system.

G'luck,
Peter

-- 
This sentence would be seven words long if it were six words shorter.
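
One way to triage log entries like the one quoted in this message, as an added example that is not part of the original e-mail or of FreeBSD's code: it finds rpc.statd "invalid hostname to sm_stat" rejections in syslog text and counts the escaped non-printable bytes in the rejected argument. The function names, verdict labels and the second and third sample lines are assumptions made for this example.

```python
import re

# Syslog prefix followed by the rpc.statd message text quoted in the post.
STATD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s"
    r"rpc\.statd(?:\[\d+\])?:\s+invalid hostname to\s+sm_stat:\s*(?P<arg>.*)$"
)
# Escapes visible in the quoted log line: caret notation (^X) and \xNN hex.
ESCAPE_RE = re.compile(r"\^[@-_?]|\\x[0-9a-fA-F]{2}")
# Characters a DNS host name may contain.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9.-]{1,255}$")


def classify(line):
    """Return a finding dict for an rpc.statd sm_stat rejection, else None."""
    m = STATD_RE.match(line)
    if m is None:
        return None
    arg = m.group("arg")
    escapes = ESCAPE_RE.findall(arg)
    if escapes:
        verdict = "escaped-bytes"      # binary data where a host name belongs
    elif not HOSTNAME_RE.match(arg):
        verdict = "invalid-chars"
    else:
        verdict = "hostname-like"
    return {"timestamp": m.group("ts"), "host": m.group("host"),
            "escapes": len(escapes), "verdict": verdict}


def scan(lines):
    """Classify every line and keep only the rpc.statd findings."""
    return [f for f in map(classify, lines) if f is not None]


# Sample input: line 1 is the entry quoted in the post, rejoined onto one line;
# lines 2 and 3 are constructed for this example.
SAMPLE = [
    r"Jun  2 19:36:41 thatguys rpc.statd: invalid hostname to sm_stat: ^X\xf7\xff\xbf^",
    "Jun  2 19:40:02 thatguys sshd[311]: Connection closed by 192.0.2.7",
    "Jun  3 02:11:09 thatguys rpc.statd[142]: invalid hostname to sm_stat: host_1",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

An "escaped-bytes" verdict only records that the daemon rejected binary input; whether the host is affected still depends on the rpc.statd version running, as the reply above explains.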
