From owner-freebsd-security  Sat Jul 21 21:24:49 2001
Delivered-To: freebsd-security@freebsd.org
Received: from w2xo.pgh.pa.us (18.gibs5.xdsl.nauticom.net [209.195.184.19])
	by hub.freebsd.org (Postfix) with ESMTP id 5C2DD37B403
	for <freebsd-security@freebsd.org>; Sat, 21 Jul 2001 21:24:40 -0700 (PDT)
	(envelope-from durham@w2xo.pgh.pa.us)
Received: from jimslaptop.int (jimslaptop.int [192.168.5.8])
	by w2xo.pgh.pa.us (8.11.3/8.11.3) with ESMTP id f6M4YKm25674
	for <freebsd-security@freebsd.org>; Sun, 22 Jul 2001 00:34:20 -0400 (EDT)
	(envelope-from durham@w2xo.pgh.pa.us)
Date: Sun, 22 Jul 2001 00:25:00 -0400 (EDT)
From: Jim Durham <durham@w2xo.pgh.pa.us>
X-X-Sender:  <durham@jimslaptop.int>
To: <freebsd-security@freebsd.org>
Subject: rpc.statd attacks
Message-ID: <Pine.BSF.4.33.0107220020480.926-100000@jimslaptop.int>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

About 2 or 3 times a week I see an error message saying
invalid host name to rpc.statd and a string of ^P_Ms .

I believe this is a Linux exploit that fails on FreeBSD.

However, since I have port 111 blocked in the firewall,
how in the world is even an error message being generated?

I have even portscanned and 111 is not open to the outside.

-Jim Durham



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message