Date: Fri, 20 Apr 2001 14:37:35 -0700
From: Josef Grosch <jgrosch@mooseriver.com>
To: Pär Thoren <t98pth@student.bth.se>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: rpc.statd attack
Message-ID: <20010420143734.A79887@mooseriver.com>
In-Reply-To: <Pine.GSO.4.21.0104202315040.27489-100000@helios>; from t98pth@student.bth.se on Fri, Apr 20, 2001 at 11:17:55PM +0200
References: <Pine.GSO.4.21.0104202315040.27489-100000@helios>

On Fri, Apr 20, 2001 at 11:17:55PM +0200, Pär Thoren wrote: > > Ok when I get portscanned...but these guys tries to exploit my ass. > > Apr 20 23:09:05 z rpc.statd: invalid hostname to > sm_stat: ^X÷ÿ¿^X÷ÿ¿^Y÷ÿ¿^Y÷ÿ¿^Z÷ÿ¿^Z÷ÿ¿^[÷ÿ¿^[÷ÿ¿%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%137x%n%10x%n%192x%nM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P > > I guess it´s the old linux rpc.statd epxloit. But how can I see what IP > did this? Does rpc.statd log this information by default? > > /Pär Ya, I saw a couple of these in my log files last night. I also would like to find out what the IP of these bozos is. I'd like to let their ISP know that these guys need to be spank pretty hard. One should check to see if rpc.statd is turned off in /etc/inetd.conf. Josef -- Josef Grosch | Another day closer to a | FreeBSD 4.3 jgrosch@MooseRiver.com | Micro$oft free world | www.bafug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
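
A log check for the entries discussed in this message, as an added example that is not part of the original mail: it flags rpc.statd `sm_stat` syslog lines whose hostname field carries printf write directives (`%n`), and reports whether the logged line itself contains any peer address. The sample log lines, the regular expressions and the function name `scan` are constructed for illustration.

```python
import re

# Constructed sample in the syslog layout quoted in the message above. The
# payloads are shortened stand-ins; "M-^P" is the log's rendering of byte 0x90.
SAMPLE_LOG = """\
Apr 20 23:01:12 z sshd[211]: Accepted password for par from 10.0.0.5 port 1022
Apr 20 23:09:05 z rpc.statd: invalid hostname to sm_stat: ^X%8x%8x%8x%236x%n%137x%n%10x%n%192x%nM-^PM-^PM-^PM-^P
Apr 20 23:12:40 z rpc.statd: invalid hostname to sm_stat: bad_host!name
Apr 21 02:15:09 z rpc.statd[98]: invalid hostname to sm_stat: ^Y%8x%8x%n%nM-^PM-^P
"""

# "Mon DD HH:MM:SS host rpc.statd[pid]: message" (the pid is optional)
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s"
    r"rpc\.statd(?:\[\d+\])?:\s(?P<msg>.*)$")
WRITE_RE = re.compile(r"%(?:\d+\$)?\d*h{0,2}n")   # %n, %hn, %hhn, %5$n
PAD_RE = re.compile(r"%\d+x")                     # width-padded hex reads
SLED_RE = re.compile(r"M-\^P")                    # one logged 0x90 byte
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def scan(log_text):
    """Return one finding per rpc.statd sm_stat line that contains %n."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or "sm_stat" not in m["msg"]:
            continue
        msg = m["msg"]
        writes = len(WRITE_RE.findall(msg))
        if writes == 0:          # malformed hostname, but no write directive
            continue
        findings.append({
            "time": m["ts"],
            "host": m["host"],
            "write_directives": writes,
            "padded_reads": len(PAD_RE.findall(msg)),
            "sled_bytes": len(SLED_RE.findall(msg)),
            # False means the log line alone cannot identify the sender
            "has_peer_ip": bool(IP_RE.search(msg)),
        })
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f)
```

When `has_peer_ip` is false, the `time` field is what is left to match against other records kept on the host or network.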