From owner-freebsd-security Fri Feb 16 6:17: 0 2001 Delivered-To: freebsd-security@freebsd.org Received: from osiris.ipform.ru (osiris.ipform.ru [212.158.165.98]) by hub.freebsd.org (Postfix) with ESMTP id 6B03137B65D; Fri, 16 Feb 2001 06:16:51 -0800 (PST) Received: from wp2 (localhost.ipform.ru [127.0.0.1]) by osiris.ipform.ru (8.11.2/8.11.2) with SMTP id f1GEGn257844; Fri, 16 Feb 2001 17:16:49 +0300 (MSK) (envelope-from matrix@ipform.ru) Message-ID: <004201c09823$1a423dc0$0c00a8c0@ipform.ru> From: "Artem Koutchine" To: Cc: Subject: rpc.statd attack Date: Fri, 16 Feb 2001 17:16:47 +0300 Organization: IP Form MIME-Version: 1.0 Content-Type: text/plain; charset="koi8-r" Content-Transfer-Encoding: 8bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2919.6600 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi! I am regulary getting this: Feb 16 15:01:39 osiris rpc.statd: invalid hostname to sm_stat: ^X÷ÿ¿^X÷ÿ¿^Y÷ÿ¿^Y ÷ÿ¿^Z÷ÿ¿^Z÷ÿ¿^[÷ÿ¿^[÷ÿ¿%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%137x%n%10x%n %192x%nM-^ PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM -^PM-^PM-^ PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM -^PM-^PM-^ PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM -^PM-^PM-^ PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM- What port should i close or log to detect the connection? I am sure this is a script kiddie, so no IP spoffing or anything tricky is envolved. I'd like log it with ipfw and kick that junkie butt. So, what port is it or as always with RPC it is a tricky business? Regards, Artem To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message