From owner-freebsd-security Thu Jan 25 9:46:55 2001
Delivered-To: freebsd-security@freebsd.org
Message-ID: <026c01c086f6$c2c151e0$7d7885c0@genroco.com>
From: "Scot W. Hetzel"
References: <200101251726.f0PHQei65827@troutmask.apl.washington.edu> <024b01c086f6$0cfda480$7d7885c0@genroco.com>
Subject: Re: buffer overflows in rpc.statd?
Date: Thu, 25 Jan 2001 11:46:33 -0600
Sender: owner-freebsd-security@FreeBSD.ORG

From: "Scot W. Hetzel"
> > Anybody have an idea as to what this is?
> > Jan 25 03:27:48 spare rpc.statd: invalid hostname to sm_stat:
> ^X\xf7\xff\xbf^X\xf7\xff\xbf^Y\xf7\xff\xbf^Y\xf7\xff\xbf^Z\xf7\xff\xbf^Z\xf7
> \x

Thanks, Chris, for letting us know it's a Linux exploit.

Is there any way that we can find the IP address of the script kiddie using this exploit so we can inform their ISP?

Thanks,

Scot