From owner-freebsd-hackers Wed Jun 6 21:50:29 2001 Delivered-To: freebsd-hackers@freebsd.org Received: from tomts13-srv.bellnexxia.net (tomts13.bellnexxia.net [209.226.175.34]) by hub.freebsd.org (Postfix) with ESMTP id 62F3337B414 for ; Wed, 6 Jun 2001 21:50:26 -0700 (PDT) (envelope-from matt@xena.gsicomp.on.ca) Received: from xena.gsicomp.on.ca ([64.228.152.235]) by tomts13-srv.bellnexxia.net (InterMail vM.4.01.03.16 201-229-121-116-20010115) with ESMTP id <20010607045025.KZYQ6458.tomts13-srv.bellnexxia.net@xena.gsicomp.on.ca>; Thu, 7 Jun 2001 00:50:25 -0400 Received: from localhost (matt@localhost) by xena.gsicomp.on.ca (8.11.1/8.11.1) with ESMTP id f574lmp35080; Thu, 7 Jun 2001 00:47:49 -0400 (EDT) (envelope-from matt@xena.gsicomp.on.ca) Date: Thu, 7 Jun 2001 00:47:48 -0400 (EDT) From: Matthew Emmerton To: Dan Phoenix Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: rpc.statd In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Wed, 6 Jun 2001, Dan Phoenix wrote: > > Jun 6 18:48:10 www rpc.statd: invalid hostname to > sm_stat: ^X^X^Z > ^Z%8x%8x%8x%8x%8x%8x%8x%8x%8x%62716x%hn%51859x%hnM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM- [ snip ] It's some l33t h4x0r attemting to use a Linux RPC exploit against your FreeBSD machine. From what I've been told, It's harmless (since FreeBSD never had the hole that Linux did), and I see it quite often on some of the public boxes that I run. Are you absolutely sure that this was the cause of your kernel panic? -- Matt Emmerton GSI Computer Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message