Date: Fri, 16 Feb 2001 17:16:47 +0300 From: "Artem Koutchine" <matrix@ipform.ru> To: <questions@FreeBSD.ORG> Cc: <security@FreeBSD.ORG> Subject: rpc.statd attack Message-ID: <004201c09823$1a423dc0$0c00a8c0@ipform.ru>
next in thread | raw e-mail | index | archive | help
Hi! I am regulary getting this: Feb 16 15:01:39 osiris rpc.statd: invalid hostname to sm_stat: ^X÷ÿ¿^X÷ÿ¿^Y÷ÿ¿^Y ÷ÿ¿^Z÷ÿ¿^Z÷ÿ¿^[÷ÿ¿^[÷ÿ¿%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%137x%n%10x%n %192x%nM-^ PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM -^PM-^PM-^ PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM -^PM-^PM-^ PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM -^PM-^PM-^ PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM- What port should i close or log to detect the connection? I am sure this is a script kiddie, so no IP spoffing or anything tricky is envolved. I'd like log it with ipfw and kick that junkie butt. So, what port is it or as always with RPC it is a tricky business? Regards, Artem To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?004201c09823$1a423dc0$0c00a8c0>