Date: Wed, 20 Sep 2000 18:04:46 -0700
From: Kris Kennaway
To: Brandon Fosdick
Cc: stable@freebsd.org
Subject: Re: Odd log entries...an attempted breakin?
Message-ID: <20000920180446.B81946@freefall.freebsd.org>

On Wed, Sep 20, 2000 at 10:09:16AM -0400, Brandon Fosdick wrote:
> For the last week or so I've been seeing the following entries in
> /var/log/messages:
>
> Sep 17 01:17:11 nbf-27 rpc.statd: Invalid hostname to sm_mon:
> ^D÷ÿ¿^D÷ÿ¿^E÷ÿ¿^E÷ÿ¿^F÷ÿ¿^F÷ÿ¿^G÷ÿ¿^G÷ÿ¿%08x %08x %08x %08x %08x %08x
> %08x %08x

Someone is trying to exploit a root hole in the Linux rpc.statd. You
don't have anything to worry about running FreeBSD here :-) However,
firewalling is always a good idea.

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe
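
A defender-side check for the log pattern quoted above, as an added example that is not part of the original message: it flags rpc.statd "Invalid hostname to sm_mon" entries whose hostname field carries printf conversions, control characters or high bytes. The function names and the sample lines are constructed for illustration.

```python
import re

# Syslog line rpc.statd writes when it rejects the hostname in an SM_MON request
# (message text taken from the log entry quoted above).
STATD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<logger>\S+)\s"
    r"rpc\.statd(?:\[\d+\])?: Invalid hostname to sm_mon:\s?(?P<name>.*)$"
)
# printf-style conversion such as %08x, %n or %5$hn.
FMT_RE = re.compile(r"%(?:\d+\$)?[-+ #0]*\d*(?:\.\d+)?(?:hh|h|ll|l)?[diouxXcspn]")
# Control characters, either raw or in syslogd's caret notation (^D).
CTRL_RE = re.compile(r"[\x00-\x1f\x7f]|\^[@A-Z\[\\\]^_?]")


def classify(name):
    """Return the reasons a logged 'hostname' looks like attack input."""
    reasons = []
    if FMT_RE.search(name):
        reasons.append("format-specifier")
    if CTRL_RE.search(name):
        reasons.append("control-char")
    if any(ord(ch) > 0x7E for ch in name):
        reasons.append("high-byte")
    return reasons


def scan(lines):
    """Return (timestamp, logging host, reasons) for each suspicious statd entry."""
    hits = []
    for line in lines:
        m = STATD_RE.match(line.rstrip("\n"))
        if not m:
            continue
        reasons = classify(m.group("name"))
        if reasons:
            hits.append((m.group("ts"), m.group("logger"), reasons))
    return hits


# Constructed sample lines; the first is modelled on the entry quoted above.
SAMPLE = [
    "Sep 17 01:17:11 nbf-27 rpc.statd: Invalid hostname to sm_mon: "
    "^D\u00f7\u00ff\u00bf^E\u00f7\u00ff\u00bf%08x %08x %08x",
    "Sep 17 02:00:03 nbf-27 rpc.statd: Invalid hostname to sm_mon: bad host",
    "Sep 17 02:05:40 nbf-27 sshd[412]: Accepted password for alice",
]

if __name__ == "__main__":
    for ts, logger, reasons in scan(SAMPLE):
        print(ts, logger, ",".join(reasons))
```

Hits on a host that does not run the Linux rpc.statd indicate scanning rather than compromise, and are a prompt to check that the RPC ports are filtered at the firewall.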