From: Beech Rintoul
To: "Nathan Vidican", questions@freebsd.org
Subject: Re: Continously getting error 'rpc.statd: invalid hostname to sm_stat: ...' could it be a DOS attack?
Date: Mon, 23 Apr 2001 10:27:07 -0800

On Monday 23 April 2001 10:31, Nathan Vidican wrote:
> We have, (for several weeks now), been getting the error message
> (logged to both the console, and /var/log/messages) as follows:
>
> Apr 17 11:43:35 home rpc.statd: invalid hostname to sm_stat: ^X\xf7
> \xff\xbf^X\xf7\xff\xbf^Y\xf7\xff\xbf^Y\xf7\xff\xbf^Z\xf7\xff\xbf^Z\xf7
> \xff\xbf^[\xf7\xff\xbf^[\xf7\xff\xbf%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%
> 137x%n%10x%n%192x%nM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM^PM-
> ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-
> ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-
> ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-
> ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-
> ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM
> -^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM^PM-
> ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-
> ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-
> ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-
> ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-
> ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-
> ^PM-^PM-^PM-^PM-^PM-^PM-^P
>
> What does this error mean? What is causing it? How can we fix it? It
> seems to be happening on several machines, all running various
> snapshots of 4.2-STABLE, but this is the only machine it seems to be
> hindering performance on.
> The machine seems to inexplicably lose network connectivity to our
> LAN; no error(s), valid link on the switch, but no ping/net traffic in
> or out. We have since Friday replaced the NIC which loses connectivity
> assuming perhaps it was a faulty NIC, (or due to a recent upgrade of
> our network to 100BaseFX unable to handle load -was a cheap card). The
> system has not since Friday gone down as it was last week, but the
> above noted error is being logged to the screen far more frequently,
> (10-30 times per day now).
> The machine from above is (uname -a):
>
> FreeBSD home.wmptl.com 4.1-20000729-STABLE FreeBSD 4.1-20000729-STABLE
> #1: Thu Apr 19 16:53:54 EDT 2001
> nvidican@home.wmptl.com:/usr/src/sys/compile/wmp2 i386
>
> I would greatly appreciate any thoughts, comments, or insight into
> the problem that anyone could share. This one's not making any sense to
> me; could it be some sort of DOS attack? If any more information
> required to give a better understanding of what's going on, please
> email me and I will attempt to clarify in more detail than this email
> does.

It's a hack attempt with an old Linux kiddie script. Never affected
FreeBSD, and no longer works on Linux. I wouldn't worry about it, we get
that three or four times a day.

Beech

--
-------------------------------------------------------------------
Beech Rintoul - IT Manager - Instructor - akbeech@anchoragerescue.org
/"\   ASCII Ribbon Campaign  | Anchorage Gospel Rescue Mission
\ / - NO HTML/RTF in e-mail  | P.O. Box 230510
 X  - NO Word docs in e-mail | Anchorage, AK 99523-0510
/ \ -----------------------------------------------------------------
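
A log-triage sketch for entries like the one quoted in this thread, added here as an example and not part of the original messages: it flags rpc.statd "invalid hostname to sm_stat" lines whose hostname field carries printf-style directives or a long M-^P run (byte 0x90 as syslogd escapes it). The function name, finding labels, the run threshold of 8 and the sample lines are assumptions constructed for illustration.

```python
import re

# Line shape taken from the entry quoted in the thread:
# "Apr 17 11:43:35 home rpc.statd: invalid hostname to sm_stat: <untrusted bytes>"
ENTRY = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\srpc\.statd(?:\[\d+\])?:\s"
    r"invalid hostname to sm_stat:\s?(?P<name>.*)$"
)
DIRECTIVE = re.compile(r"%\d*\$?[hl]*[nxdsp]")  # printf-style conversions
WRITE_DIRECTIVE = re.compile(r"%\d*\$?[hl]*n")  # %n stores a count to memory
NOP_RUN = re.compile(r"(?:M-\^P){8,}")          # 8+ escaped 0x90 bytes (assumed threshold)
VALID_HOSTNAME = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9.-]{0,253}[A-Za-z0-9])?$")


def classify(line):
    """Return None for unrelated lines, else a dict describing the sm_stat entry."""
    m = ENTRY.match(line)
    if m is None:
        return None
    name = m.group("name")
    # Long messages get wrapped by mail and terminals; drop whitespace so
    # directives split across a wrap (e.g. "%" / "137x") are rejoined.
    compact = re.sub(r"\s+", "", name)
    findings = []
    if WRITE_DIRECTIVE.search(compact):
        findings.append("format-write")
    elif DIRECTIVE.search(compact):
        findings.append("format-read")
    if NOP_RUN.search(compact):
        findings.append("nop-run")
    if not findings and not VALID_HOSTNAME.match(name.strip()):
        findings.append("malformed")
    return {"ts": m.group("ts"), "host": m.group("host"),
            "directives": len(DIRECTIVE.findall(compact)), "findings": findings}


# Constructed sample lines (not copied from a real log).
SAMPLE = [
    "Apr 17 11:43:35 home rpc.statd: invalid hostname to sm_stat: "
    "%8x%8x%8x%236x%n% 137x%n" + "M-^P" * 20,
    "Apr 17 11:50:02 home rpc.statd: invalid hostname to sm_stat: bad_host!",
    "Apr 17 11:50:40 home rpc.statd: invalid hostname to sm_stat: %x%x",
    "Apr 17 11:51:10 home sshd[311]: Accepted publickey for op",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(classify(entry))
```
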