From owner-freebsd-stable  Thu Sep 21  0: 8: 4 2000
Delivered-To: freebsd-stable@freebsd.org
Received: from mel.alcatel.fr (mel.alcatel.fr [212.208.74.132])
	by hub.freebsd.org (Postfix) with ESMTP
	id 377F637B422; Thu, 21 Sep 2000 00:08:00 -0700 (PDT)
Received: from aifhs10.alcatel.fr (mailhub2.alcatel.fr [155.132.188.80])
        by mel.alcatel.fr (ALCANET/SMTP) with ESMTP id JAA08782;
        Thu, 21 Sep 2000 09:07:22 +0200
From: Thierry.Herbelot@alcatel.fr
Received: from frmta003.netfr.alcatel.fr (frmta003.netfr.alcatel.fr [155.132.251.32])
        by aifhs10.alcatel.fr (ALCANET/SMTP2) with SMTP id JAA29807;
        Thu, 21 Sep 2000 09:02:31 +0200 (MET DST)
Received: by frmta003.netfr.alcatel.fr(Lotus SMTP MTA v4.6.7  (934.1 12-30-1999))  id C1256961.00272DF9 ; Thu, 21 Sep 2000 09:07:56 +0200
X-Lotus-FromDomain: ALCATEL
To: Kris Kennaway <kris@FreeBSD.ORG>
Cc: Brandon Fosdick <bfoz@glue.umd.edu>, stable@FreeBSD.ORG
Message-ID: <C1256961.00272C16.00@frmta003.netfr.alcatel.fr>
Date: Thu, 21 Sep 2000 09:07:50 +0200
Subject: Re: Odd log entries...an attempted breakin?
Mime-Version: 1.0
Content-type: multipart/mixed; 
	Boundary="0__=FtUPYGBv2pSeT3tWZ31XTVsaE8QFV5GyonpmHKsyEtwmcMo7pWwvGn7X"
Content-Disposition: inline
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

--0__=FtUPYGBv2pSeT3tWZ31XTVsaE8QFV5GyonpmHKsyEtwmcMo7pWwvGn7X
Content-type: text/plain; charset=us-ascii
Content-Disposition: inline



Hello,

Anyway, is it at all reasonable to have an rpc port open on a internet-accessible machine ?

Even if the code in FreeBSD has been audited, you never know if there is one more (potentially
exploitable) bug.

     TfH




Kris Kennaway <kris@FreeBSD.ORG> on 21/09/2000 03:04:46
                                                              
                                                              
                                                              
 To:      Brandon Fosdick <bfoz@glue.umd.edu>                 
                                                              
 cc:      stable@FreeBSD.ORG(bcc: Thierry                     
          HERBELOT/FR/ALCATEL)                                
                                                              
                                                              
                                                              
 Subject: Re: Odd log entries...an attempted breakin?         
                                                              





--0__=FtUPYGBv2pSeT3tWZ31XTVsaE8QFV5GyonpmHKsyEtwmcMo7pWwvGn7X
Content-type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-transfer-encoding: quoted-printable



On Wed, Sep 20, 2000 at 10:09:16AM -0400, Brandon Fosdick wrote:
> For the last week or so I've been seeing the following entries in
> /var/log/messages:
>
> Sep 17 01:17:11 nbf-27 rpc.statd: Invalid hostname to sm_mon:
> ^D=F7=FF=BF^D=F7=FF=BF^E=F7=FF=BF^E=F7=FF=BF^F=F7=FF=BF^F=F7=FF=BF^G=F7=
=FF=BF^G=F7=FF=BF%08x %08x %08x %08x %08x %08x
> %08x %08x

Someone is trying to exploit a root hole in the Linux rpc.statd.
ou don't have anything to worry about running FreeBSD here :-)

However, firewalling is always a good idea.

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message

=

--0__=FtUPYGBv2pSeT3tWZ31XTVsaE8QFV5GyonpmHKsyEtwmcMo7pWwvGn7X--



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message