From: "future"
To: "Salvo Bartolotta"
Subject: Re: rpc.statd
Date: Sat, 8 Sep 2001 21:42:28 +0200
Message-ID: <004301c1389e$64d5b580$680d2ed5@ftp>
References: <999972950.3b9a60562b2bb@webmail.neomedia.it>
Sender: owner-freebsd-questions@FreeBSD.ORG

I'm running FreeBSD 4.3, so probably nothing to worry about. Thanks, is there a
special site where I can find this sort of thing (security site)?

----- Original Message -----
From: "Salvo Bartolotta"
To: "future"
Sent: Saturday, September 08, 2001 8:15 PM
Subject: Re: rpc.statd

> > I get strange errors in my logs from rpc.statd
> >
> > Sep 8 09:39:14 ns1 rpc.statd: invalid hostname to sm_stat:
> > ^X÷ÿ¿^X÷ÿ¿^Y÷ÿ¿^Y÷ÿ¿^Z÷ÿ¿^Z÷ÿ¿^[÷ÿ¿^[÷ÿ¿%8x%8x%8x%8x%8x%8x%8x%8x%8
> > Sep 8 09:39:14 ns1 /kernel: Sep 8 09:39:14 ns1 rpc.statd: invalid hostname
> > to sm_stat: ^X÷ÿ¿^X÷ÿ¿^Y÷ÿ¿^Y÷ÿ¿^Z÷ÿ¿^Z÷ÿ¿^[÷ÿ¿^[
> > Sep 8 09:39:14 ns1 /kernel: M-^PM-^P
> >
>
> I would say that someone (e.g. a script kiddie) is trying to gain control over
> your machine via an RPC exploit.
>
> This type of attack (by supplying an invalid hostname) was attempted on Linux
> machines a few months ago. Agnosco veteris^W^WI recognize the signature of
> an old Linux exploit. :-)
>
> IIRC (past advisories, posts, etc.), FreeBSD 4.3 and later should NOT be
> vulnerable to this kind of attack. You may wish to check the archives (for
> advisories and other relevant material) to see if **your** version of FreeBSD
> is somehow exploitable.
>
> HTH,
> Salvo
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
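
Added example, not part of the original thread: a small triage script for the "invalid hostname to sm_stat" messages quoted above. It separates names carrying printf-style specifiers (the signature recognized in the reply) from ordinary rejected hostnames. The function names, verdict labels and sample lines are assumptions made for this example.

```python
import re

# Prefix rpc.statd logged for each rejected name in the messages quoted above.
MARK = "rpc.statd: invalid hostname to sm_stat:"
# printf-style conversion: flags, width, precision, length modifier, conversion letter.
FMT_SPEC = re.compile(r"%[-+ #0]*\d*(?:\.\d+)?(?:hh|h|ll|l)?[diouxXcspn]")
# Non-printable bytes as they show up in the log: ^X, M-^P, or raw 8-bit characters.
ODD_BYTE = re.compile(r"M-\^.|\^[@-_]|[^\x20-\x7e]")
# Conservative shape of a DNS hostname (letters, digits, hyphen, dot).
HOSTNAME = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,253}[A-Za-z0-9])?\.?")

def classify(line):
    """Return None for unrelated lines, else a verdict on the rejected name."""
    pos = line.find(MARK)
    if pos < 0:
        return None
    name = line[pos + len(MARK):].strip()
    specs = FMT_SPEC.findall(name)
    if specs:
        verdict = "format-string probe"   # a hostname never contains conversions
    elif HOSTNAME.fullmatch(name):
        verdict = "plain hostname"        # looks like a client name; check NFS config
    else:
        verdict = "malformed name"
    return {"verdict": verdict, "specifiers": len(specs),
            "odd_bytes": len(ODD_BYTE.findall(name))}

def scan(lines):
    """Return (line number, result) for every rpc.statd rejection in lines."""
    hits = []
    for number, line in enumerate(lines, 1):
        result = classify(line)
        if result is not None:
            hits.append((number, result))
    return hits

# Constructed sample lines (shape follows the log in this thread; values are made up).
SAMPLE = [
    "Sep 8 09:39:14 ns1 rpc.statd: invalid hostname to sm_stat: "
    "^X\xf7\xff\xbf^Y\xf7\xff\xbf%8x%8x%8x%8x",
    "Sep 8 10:02:51 ns1 rpc.statd: invalid hostname to sm_stat: oldclient.example.org",
    "Sep 8 10:03:07 ns1 rpc.statd: invalid hostname to sm_stat: lab host_7",
    "Sep 8 10:05:00 ns1 sshd[312]: Connection from 192.0.2.7",
]

if __name__ == "__main__":
    for number, result in scan(SAMPLE):
        print(number, result)
```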