Date:      Thu, 21 Sep 2000 09:07:50 +0200
From:      Thierry.Herbelot@alcatel.fr
To:        Kris Kennaway <kris@FreeBSD.ORG>
Cc:        Brandon Fosdick <bfoz@glue.umd.edu>, stable@FreeBSD.ORG
Subject:   Re: Odd log entries...an attempted breakin?
Message-ID:  <C1256961.00272C16.00@frmta003.netfr.alcatel.fr>

Hello,

Anyway, is it at all reasonable to have an rpc port open on an internet-accessible machine?

Even if the code in FreeBSD has been audited, you never know if there is one more (potentially
exploitable) bug.

     TfH




Kris Kennaway <kris@FreeBSD.ORG> on 21/09/2000 03:04:46

 To:      Brandon Fosdick <bfoz@glue.umd.edu>
 cc:      stable@FreeBSD.ORG (bcc: Thierry HERBELOT/FR/ALCATEL)
 Subject: Re: Odd log entries...an attempted breakin?

On Wed, Sep 20, 2000 at 10:09:16AM -0400, Brandon Fosdick wrote:
> For the last week or so I've been seeing the following entries in
> /var/log/messages:
>
> Sep 17 01:17:11 nbf-27 rpc.statd: Invalid hostname to sm_mon:
> ^D=F7=FF=BF^D=F7=FF=BF^E=F7=FF=BF^E=F7=FF=BF^F=F7=FF=BF^F=F7=FF=BF^G=F7=FF=BF^G=F7=FF=BF%08x %08x %08x %08x %08x %08x
> %08x %08x

Someone is trying to exploit a root hole in the Linux rpc.statd.
You don't have anything to worry about running FreeBSD here :-)

However, firewalling is always a good idea.

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?C1256961.00272C16.00>
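
The following is an added example, not part of the original thread: a small Python log check that flags `rpc.statd` "Invalid hostname to sm_mon" entries whose hostname argument carries printf conversions or non-printable bytes, as in the entry quoted above. The sample lines, host names and function names are constructed for illustration.

```python
import re

# Constructed sample syslog lines; the first mirrors the shape of the quoted entry.
SAMPLE_LOG = [
    "Sep 17 01:17:11 host1 rpc.statd: Invalid hostname to sm_mon: "
    "^D\xf7\xff\xbf^D\xf7\xff\xbf%08x %08x %08x %08x",
    "Sep 17 02:00:03 host1 rpc.statd: Invalid hostname to sm_mon: bad_host!name",
    "Sep 17 02:10:44 host1 sshd[412]: Accepted publickey for admin",
    "Sep 17 03:30:00 host1 rpc.statd: Invalid hostname to sm_mon: %n%n%s",
]

# syslog prefix, optional [pid], then the statd rejection message and its argument
STATD = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) rpc\.statd(?:\[\d+\])?: "
    r"Invalid hostname to sm_mon: (?P<arg>.*)$"
)
# printf conversion: '%', optional flags/width/precision/length, conversion letter
FMT = re.compile(r"%[-+ #0]*\d*(?:\.\d+)?(?:hh|h|ll|l)?[diouxXscpn]")
# caret-escaped control characters as syslogd prints them, or any byte
# outside printable ASCII; neither belongs in a hostname
NONHOST = re.compile(r"\^[@-_]|[^\x20-\x7e]")


def classify(line):
    """Return None for unrelated lines, else a dict with the reasons to alert."""
    m = STATD.match(line)
    if not m:
        return None
    arg = m.group("arg")
    reasons = []
    if FMT.search(arg):
        reasons.append("format-specifier")
    if NONHOST.search(arg):
        reasons.append("non-printable-bytes")
    return {"ts": m.group("ts"), "host": m.group("host"), "reasons": reasons}


def scan(lines):
    """Keep only statd rejections that look like probes rather than typos."""
    return [r for r in map(classify, lines) if r and r["reasons"]]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit["ts"], hit["host"], ",".join(hit["reasons"]))
```
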