Date: Thu, 29 Mar 2001 22:34:39 -0500 From: scott <smnoldelinux@mediaone.net> To: Dan Delaney <Dionysos@Dionysia.org> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Freaky message in /var/log/messages Message-ID: <3AC3FECF.BF88BED4@mediaone.net> References: <Pine.BSF.4.21.0103292218120.489-100000@bakchos.dionysia.org>
next in thread | previous in thread | raw e-mail | index | archive | help
That is an attempt at a buffer overflow exploit. Check your version of rpc.statd (why is this listening to the external interface?) and compare with any vulnerabilities at cert.org or securityfocus.com. Do you really need to run that service? - Scott Dan Delaney wrote: > > Hi all > > Lately I've been getting this very bizarre message sent to the > console and put in /var/log/messages. Here it is: > > Mar 29 21:58:47 bakchos rpc.statd: invalid hostname to sm_stat: > ^Xw^??^Xw^??^Yw^??^Yw^??^Zw^??^Zw^??^[w^??^[w^??%8x%8x%8x%8x%8x% > 8x%8x%8x%8x%236x%n%137x%n%10x%n%192x%n^P^P^P^P^P^P^P^P^P^P^P^P^P > ^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P > ^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P > ^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P > ^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P > ^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P > ^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P > ^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P > ^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P > ^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P > ^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P > ^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P > ^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P > ^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P > ^P^P^P^P > > That's it. The whole thing in its glorious entirety! (All of that is > actually on one line in the file.) > > Anyone have any idea what the hell that's all about? :-) > > Thanks a lot. > -- Dan > ________________________________________________________________________ > Dionysos@Dionysia.org Daniel G. Delaney > www.Dionysia.org/~dionysos/ > PGP Public Key: /~dionysos/pgp.html > ------------------------------------------------------------------------ > A king's castle is his home. > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message -- ----------- Scott Nolde ----------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3AC3FECF.BF88BED4>