From: Thierry.Herbelot@alcatel.fr
To: Kris Kennaway
Cc: Brandon Fosdick, stable@FreeBSD.ORG
Date: Thu, 21 Sep 2000 09:07:50 +0200
Subject: Re: Odd log entries...an attempted breakin?
Sender: owner-freebsd-stable@FreeBSD.ORG

Hello,

Anyway, is it at all reasonable to have an rpc port open on an internet-accessible machine? Even if the code in FreeBSD has been audited, you never know if there is one more (potentially exploitable) bug.

TfH

Kris Kennaway on 21/09/2000 03:04:46

To: Brandon Fosdick
cc: stable@FreeBSD.ORG (bcc: Thierry HERBELOT/FR/ALCATEL)
Subject: Re: Odd log entries...an attempted breakin?

On Wed, Sep 20, 2000 at 10:09:16AM -0400, Brandon Fosdick wrote:
> For the last week or so I've been seeing the following entries in
> /var/log/messages:
>
> Sep 17 01:17:11 nbf-27 rpc.statd: Invalid hostname to sm_mon:
> ^D÷ÿ¿^D÷ÿ¿^E÷ÿ¿^E÷ÿ¿^F÷ÿ¿^F÷ÿ¿^G÷ÿ¿^G÷ÿ¿%08x %08x %08x %08x %08x %08x
> %08x %08x

Someone is trying to exploit a root hole in the Linux rpc.statd. You don't have anything to worry about running FreeBSD here :-) However, firewalling is always a good idea.

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
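
Added example, not part of the original thread: a small Python filter that flags rpc.statd "Invalid hostname to sm_mon" syslog entries like the one quoted above, where the logged hostname argument carries printf conversions or binary bytes. The sample lines are constructed (the first is modelled on the quoted entry), the optional "[pid]" after rpc.statd is an assumption, and the function names are this example's own.

```python
import re

# Syslog line carrying the rpc.statd message quoted in the thread.
# Assumption: the daemon name may be followed by an optional "[pid]".
STATD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) rpc\.statd(?:\[\d+\])?: "
    r"Invalid hostname to sm_mon: ?(?P<arg>.*)$"
)
# printf-style conversions (%08x, %n, %10$hn, ...) have no place in a hostname.
FMT_RE = re.compile(r"%(?:\d+\$)?[-+ #0]*\d*(?:\.\d+)?(?:hh|h|ll|l)?[diouxXnsp]")
# syslogd shows control bytes in caret notation (^D); 8-bit bytes may pass through.
CTRL_RE = re.compile(r"\^[@-_]")


def classify(arg):
    """Return the reasons a logged sm_mon hostname argument looks hostile."""
    reasons = []
    if FMT_RE.search(arg):
        reasons.append("format-specifier")
    if CTRL_RE.search(arg) or any(ord(c) > 126 for c in arg):
        reasons.append("binary-bytes")
    return reasons


def scan(lines):
    """Return (timestamp, host, reasons) for each suspicious rpc.statd entry."""
    hits = []
    for line in lines:
        m = STATD_RE.match(line.rstrip("\n"))
        if not m:
            continue
        reasons = classify(m.group("arg"))
        if reasons:
            hits.append((m.group("ts"), m.group("host"), reasons))
    return hits


# Constructed sample input: one probe-like entry, one merely malformed
# hostname, and one unrelated line.
SAMPLE = [
    "Sep 17 01:17:11 nbf-27 rpc.statd: Invalid hostname to sm_mon: "
    "^D\xf7\xff\xbf^D\xf7\xff\xbf%08x %08x %08x %08x",
    "Sep 17 02:40:09 nbf-27 rpc.statd: Invalid hostname to sm_mon: bad_host/name",
    "Sep 17 03:00:00 nbf-27 sshd[212]: Connection closed by 192.0.2.10",
]

if __name__ == "__main__":
    for ts, host, reasons in scan(SAMPLE):
        print(ts, host, ",".join(reasons))
```

Entries that match only because of an odd but printable hostname are deliberately not reported, so the output stays limited to arguments that cannot be a mistyped name.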