Date: Thu, 21 Sep 2000 09:07:50 +0200 From: Thierry.Herbelot@alcatel.fr To: Kris Kennaway <kris@FreeBSD.ORG> Cc: Brandon Fosdick <bfoz@glue.umd.edu>, stable@FreeBSD.ORG Subject: Re: Odd log entries...an attempted breakin? Message-ID: <C1256961.00272C16.00@frmta003.netfr.alcatel.fr>
index | next in thread | raw e-mail
[-- Attachment #1 --]
Hello,
Anyway, is it at all reasonable to have an rpc port open on a internet-accessible machine ?
Even if the code in FreeBSD has been audited, you never know if there is one more (potentially
exploitable) bug.
TfH
Kris Kennaway <kris@FreeBSD.ORG> on 21/09/2000 03:04:46
To: Brandon Fosdick <bfoz@glue.umd.edu>
cc: stable@FreeBSD.ORG(bcc: Thierry
HERBELOT/FR/ALCATEL)
Subject: Re: Odd log entries...an attempted breakin?
[-- Attachment #2 --]
On Wed, Sep 20, 2000 at 10:09:16AM -0400, Brandon Fosdick wrote:
> For the last week or so I've been seeing the following entries in
> /var/log/messages:
>
> Sep 17 01:17:11 nbf-27 rpc.statd: Invalid hostname to sm_mon:
> ^D÷ÿ¿^D÷ÿ¿^E÷ÿ¿^E÷ÿ¿^F÷ÿ¿^F÷ÿ¿^G÷ÿ¿^G÷ÿ¿%08x %08x %08x %08x %08x %08x
> %08x %08x
Someone is trying to exploit a root hole in the Linux rpc.statd.
ou don't have anything to worry about running FreeBSD here :-)
However, firewalling is always a good idea.
Kris
--
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe <forsythe@alum.mit.edu>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?C1256961.00272C16.00>