From owner-freebsd-questions Mon Apr 23 11:22: 0 2001 Delivered-To: freebsd-questions@freebsd.org Received: from mail2.wmptl.com (mail2.wmptl.com [216.94.6.26]) by hub.freebsd.org (Postfix) with ESMTP id 254AC37B422 for ; Mon, 23 Apr 2001 11:21:56 -0700 (PDT) (envelope-from webmaster@wmptl.com) Received: (from apache@localhost) by mail2.wmptl.com (8.9.3/8.9.3) id OAA47437; Mon, 23 Apr 2001 14:31:11 -0400 (EDT) (envelope-from webmaster@wmptl.com) Date: Mon, 23 Apr 2001 14:31:11 -0400 (EDT) Message-Id: <200104231831.OAA47437@mail2.wmptl.com> From: "Nathan Vidican" To: questions@freebsd.org Subject: Continously getting error 'rpc.statd: invalid hostname to sm_stat: ...' could it be a DOS attack? X-Mailer: NeoMail 1.20 X-IPAddress: 216.94.6.26 MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG We have been, (for several weeks now), been getting the error message (logged to both the console, and /var/log/messages) as follows: Apr 17 11:43:35 home rpc.statd: invalid hostname to sm_stat: ^X\xf7 \xff\xbf^X\xf7\xff\xbf^Y\xf7\xff\xbf^Y\xf7\xff\xbf^Z\xf7\xff\xbf^Z\xf7 \xff\xbf^[\xf7\xff\xbf^[\xf7\xff\xbf%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n% 137x%n%10x%n%192x%nM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM^PM- ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM- ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM- ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM- ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM- ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM -^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM^PM- ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM- ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM- ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM- ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM- ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM- ^PM-^PM-^PM-^PM-^PM-^PM-^P What does this error mean? What is causing it? How can we fix it? It seems to be happening on several machines, all running various snapshots of 4.2-STABLE, but this is the only machine it seems to be hindering performance on. The machine seems to unexplicably loose network connectivity to our LAN; no error(s), valid link on the switch, but no ping/net traffic in or out. We have since Friday replaced the NIC which looses connectivity assuming perhaps it was a faulty NIC, (or due to a recent upgrade of our network to 100BaseFX unable to handle load -was a cheap card). The system has not since Friday gone down as it was last week, but the above noted error is being logged to the screen far more frequently, (10-30 times per day now). The machine from above is (uname -a): FreeBSD home.wmptl.com 4.1-20000729-STABLE FreeBSD 4.1-20000729-STABLE #1: Thu Apr 19 16:53:54 EDT 2001 nvidican@home.wmptl.com:/usr/src/sys/compile/wmp2 i386 I would greatly appreciate any thoughts, comments, or insight into the problem that anyone could share. This one's not making any sense to me; could it be some sort of DOS attack? If any more information required to give a better understanding of what's going on, please email me and I will attempt to clearify in more detail than this email does. -- Nathan Vidican webmaster@wmptl.com Windsor Match Plate & Tool Ltd. http://www.wmptl.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message