Date: Sat, 8 Sep 2001 21:42:28 +0200 From: "future" <future.products@12move.nl> To: "Salvo Bartolotta" <bartequi@neomedia.it> Cc: <freebsd-questions@FreeBSD.ORG> Subject: Re: rpc.statd Message-ID: <004301c1389e$64d5b580$680d2ed5@ftp> References: <999972950.3b9a60562b2bb@webmail.neomedia.it>
next in thread | previous in thread | raw e-mail | index | archive | help
i'm running freebsd 4.3 so probelly nothing to worry about thanx , is there a special site where i can find this sort off things (security- site) ----- Original Message ----- From: "Salvo Bartolotta" <bartequi@neomedia.it> To: "future" <future.products@12move.nl> Cc: <freebsd-questions@FreeBSD.ORG> Sent: Saturday, September 08, 2001 8:15 PM Subject: Re: rpc.statd > > i get strange errors in my logs from rpc.statd > > > Sep 8 09:39:14 ns1 rpc.statd: invalid hostname to sm_stat: > > ^X÷ÿ¿^X÷ÿ¿^Y÷ÿ¿^Y÷ÿ¿^Z÷ÿ¿^Z÷ÿ¿^[÷ÿ¿^[÷ÿ¿%8x%8x%8x%8x%8x%8x%8x%8x%8 > > Sep 8 09:39:14 ns1 /kernel: Sep 8 09:39:14 ns1 rpc.statd: invalid hostname > > to sm_stat: ^X÷ÿ¿^X÷ÿ¿^Y÷ÿ¿^Y÷ÿ¿^Z÷ÿ¿^Z÷ÿ¿^[÷ÿ¿^[ > > Sep 8 09:39:14 ns1 /kernel: M-^PM-^P > > > > > I would say that someone (eg a script kiddie) is trying gain control over your > machine via an RPC exploit. > > This type of attack (by supplying an invalid hostname) was attemped on Linux > machines [a] few months ago. Agnosco veteris^W^WI recognize the signature of > an old Linux exploit. :-) > > IIRC (past advisories, posts, etc), FreeBSD 4.3 and later should NOT be > vulnerable to this kind of attack. You may wish to check the archives (for > advisories and other relevant material) to see if **your** version of FreeBSD > is somehow exploitable. > > HTH, > Salvo > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?004301c1389e$64d5b580$680d2ed5>