Date:      Fri, 16 Feb 2001 17:16:47 +0300
From:      "Artem Koutchine" <matrix@ipform.ru>
To:        <questions@FreeBSD.ORG>
Cc:        <security@FreeBSD.ORG>
Subject:   rpc.statd attack
Message-ID:  <004201c09823$1a423dc0$0c00a8c0@ipform.ru>

Hi!

I am regularly getting this:

Feb 16 15:01:39 osiris rpc.statd: invalid hostname to sm_stat:
^X÷ÿ¿^X÷ÿ¿^Y÷ÿ¿^Y
÷ÿ¿^Z÷ÿ¿^Z÷ÿ¿^[÷ÿ¿^[÷ÿ¿%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%137x%n%10x%n
%192x%nM-^
PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM
-^PM-^PM-^
PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM
-^PM-^PM-^
PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM
-^PM-^PM-^
PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-


What port should I close or log to detect the connection? I am sure
this is a script kiddie, so no IP spoofing or anything tricky is
involved. I'd like to log it with ipfw and kick that junkie's butt.
So, what port is it, or is it, as always with RPC, a tricky business?

Regards,
Artem
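
Added example (not part of the original message): one way to flag syslog entries like the one quoted above, by rejoining hard-wrapped lines and checking the sm_stat argument for printf conversions, which a valid hostname never contains, and for long runs of M-^P (how syslogd prints byte 0x90). The function names and the shortened sample lines are constructed for illustration.

```python
import re

# Syslog timestamp such as "Feb 16 15:01:39"
TS = r"[A-Z][a-z]{2}\s+\d{1,2}\s\d\d:\d\d:\d\d"
STATD_RE = re.compile(
    rf"^(?P<ts>{TS})\s(?P<host>\S+)\srpc\.statd(?:\[\d+\])?:\s"
    r"invalid hostname to sm_stat:\s?(?P<arg>.*)$", re.S)
FMT_RE = re.compile(r"%\d*[A-Za-z]")   # printf conversions: %8x, %236x, %n
PAD_RE = re.compile(r"(?:M-\^P){8,}")  # run of 0x90 bytes as rendered by syslogd

# Constructed sample: a shortened form of the quoted entry, one harmless
# rpc.statd rejection, and one unrelated line.
SAMPLE = [
    "Feb 16 15:01:39 osiris rpc.statd: invalid hostname to sm_stat:",
    "%8x%8x%8x%236x%n%137x%n%10x%n",
    "%192x%n" + "M-^P" * 12,
    "Feb 16 15:02:10 osiris rpc.statd: invalid hostname to sm_stat: bad_host!",
    "Feb 16 15:03:00 osiris sshd[411]: Accepted publickey for artem",
]

def unwrap(lines):
    """Rejoin wrapped entries: a line without a timestamp continues the previous one."""
    records = []
    for line in lines:
        line = line.rstrip("\n")
        if re.match(TS + r"\s", line) or not records:
            records.append(line)
        else:
            records[-1] += line
    return records

def classify(record):
    """Return a finding for an rpc.statd sm_stat rejection, or None for other lines."""
    m = STATD_RE.match(record)
    if not m:
        return None
    arg = m["arg"]
    convs = FMT_RE.findall(arg)
    padding = bool(PAD_RE.search(arg))
    return {"ts": m["ts"], "host": m["host"], "conversions": len(convs),
            "write_directives": sum(c.endswith("n") for c in convs),
            "padding": padding, "suspicious": bool(convs) or padding}

def scan(lines):
    """Return only the suspicious rpc.statd findings from raw log lines."""
    return [r for r in map(classify, unwrap(lines)) if r and r["suspicious"]]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```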


