Date: Sat, 08 Sep 2001 20:15:50 +0200 (CEST) From: Salvo Bartolotta <bartequi@neomedia.it> To: future <future.products@12move.nl> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: rpc.statd Message-ID: <999972950.3b9a60562b2bb@webmail.neomedia.it>
next in thread | raw e-mail | index | archive | help
> i get strange errors in my logs from rpc.statd > Sep 8 09:39:14 ns1 rpc.statd: invalid hostname to sm_stat: > ^X÷ÿ¿^X÷ÿ¿^Y÷ÿ¿^Y÷ÿ¿^Z÷ÿ¿^Z÷ÿ¿^[÷ÿ¿^[÷ÿ¿%8x%8x%8x%8x%8x%8x%8x%8x%8 > Sep 8 09:39:14 ns1 /kernel: Sep 8 09:39:14 ns1 rpc.statd: invalid hostname > to sm_stat: ^X÷ÿ¿^X÷ÿ¿^Y÷ÿ¿^Y÷ÿ¿^Z÷ÿ¿^Z÷ÿ¿^[÷ÿ¿^[ > Sep 8 09:39:14 ns1 /kernel: M-^PM-^P I would say that someone (eg a script kiddie) is trying gain control over your machine via an RPC exploit. This type of attack (by supplying an invalid hostname) was attemped on Linux machines [a] few months ago. Agnosco veteris^W^WI recognize the signature of an old Linux exploit. :-) IIRC (past advisories, posts, etc), FreeBSD 4.3 and later should NOT be vulnerable to this kind of attack. You may wish to check the archives (for advisories and other relevant material) to see if **your** version of FreeBSD is somehow exploitable. HTH, Salvo To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?999972950.3b9a60562b2bb>