Date: Thu, 23 Aug 2001 23:33:42 +0930
From: Phil Pittard <sens@sens.com.au>
To: Mark Newton <newton@atdot.dotat.org>
Cc: freebsd-security@freebsd.org
Subject: Re: Attempts to overflow rpc.statd
Message-ID: <3B850D3E.4DF406B3@sens.com.au>
References: <20010823195855.A77982@atdot.dotat.org>
There was a Linux rpc.statd attack I saw last year which looked like this.... I just did some hunting & found some refs to it at this url: http://www.havelmark.com/~rmartin/31337.html theres a link there to RedHat with the patch... no idea what effect, if any, it would have on FreeBSD.... my guess would be none. Phil. ==== Mark Newton wrote: > > I've been seeing these in syslog for the last week or so. Has anyone > else run across them? > > It looks like a buffer overflow attempt on rpc.statd, but since there > aren't any FreeBSD advisories about it I'm guessing that the script > kiddies are hitting on it at random without necessarily knowing about > what kind of architecture or OS they're trying to attack. > > Does it look familiar to anyone else? > > - mark > > Aug 23 19:16:36 foo rpc.statd: invalid hostname to sm_stat: ^X÷ÿ¿^X÷ÿ¿^Y÷ÿ¿^Y÷ÿ¿^Z÷ÿ¿^Z÷ÿ¿^[÷ÿ¿^[÷ÿ¿%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%137x%n%10x%n%192x%nM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM > -^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P > > -------------------------------------------------------------------- > I tried an internal modem, newton@atdot.dotat.org > but it hurt when I walked. 
Mark Newton > ----- Voice: +61-4-1620-2223 ------------- Fax: +61-8-82231777 ----- > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- Phil Pittard IT Consultant SENS/SECNET http://www.sens.com.au http://www.itsupport4schools.com ================================= To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
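An added example, not part of the original messages: a Python triage helper for syslog lines like the one Mark Newton quoted, which decodes the caret/meta escaping (`^X`, `M-^P`) back to bytes and reports `%n` write directives, the longest run of 0x90 bytes, and the 32-bit words ahead of the first directive. The function names, the threshold and the two sample lines are assumptions constructed for illustration.

```python
import re

# syslogd writes unprintable bytes in caret/meta form: ^X = 0x18, M-^P = 0x90.
# Heuristic: a literal "^" or "M-" in the hostname would decode wrongly.
_TOKEN = re.compile(r"M-\^([?-_])|M-([ -~])|\^([?-_])|(.)", re.S)
_STATD = re.compile(r"rpc\.statd(?:\[\d+\])?: invalid hostname to sm_stat: (.*)$")

def decode_vis(text):
    """Turn caret/meta notation back into the bytes the daemon received."""
    out = bytearray()
    for meta_ctl, meta, ctl, plain in _TOKEN.findall(text):
        if meta_ctl:
            out.append(0x80 | (ord(meta_ctl) ^ 0x40))
        elif meta:
            out.append(0x80 | ord(meta))
        elif ctl:
            out.append(ord(ctl) ^ 0x40)
        else:
            out += plain.encode("latin-1", "replace")  # e.g. U+00F7 -> 0xf7
    return bytes(out)

def triage(line, nop_threshold=16):
    """Return findings for an rpc.statd 'invalid hostname' line, else None."""
    m = _STATD.search(line)
    if not m:
        return None
    raw = decode_vis(m.group(1))
    writes = len(re.findall(rb"%[0-9$]*h{0,2}n", raw))  # %n, %hn, %4$n
    nop_run = max((len(r) for r in re.findall(rb"\x90+", raw)), default=0)
    head = raw.split(b"%", 1)[0] if writes else b""
    # Bytes ahead of the first directive, read as 32-bit little-endian words.
    words = [int.from_bytes(head[i:i + 4], "little")
             for i in range(0, len(head) - 3, 4)]
    return {"writes": writes, "nop_run": nop_run, "words": words,
            "suspicious": writes > 0 or nop_run >= nop_threshold}

# Constructed samples (shortened; modelled on the line quoted in the thread).
ATTACK = ("Aug 23 19:16:36 foo rpc.statd: invalid hostname to sm_stat: "
          "^X\xf7\xff\xbf^X\xf7\xff\xbf%8x%8x%236x%n%137x%n" + "M-^P" * 40)
BENIGN = "Aug 23 19:20:01 foo rpc.statd: invalid hostname to sm_stat: bad_host!"

if __name__ == "__main__":
    for sample in (ATTACK, BENIGN):
        print(triage(sample))
```

When feeding it the line from the thread, rejoin the two wrapped halves first, since the mail quoting split one `M-^P` token across the line break.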