Date: Thu, 8 Mar 2001 09:33:30 -0500 From: "Will Mitayai Keeso Rowe" <mit@mitayai.net> To: <tjk@tksoft.com>, "Will Mitayai Keeso Rowe" <mitayai@dreaming.org>, <will@physics.purdue.edu> Cc: <freebsd-security@FreeBSD.ORG> Subject: RE: strange messages Message-ID: <NEBBIEGPMLMKDBMMICFNIEIPELAA.mit@mitayai.net> In-Reply-To: <200103081428.GAA02075@uno.tksoft.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Acording to CERT (the latest statd message seems to be http://www.kb.cert.org/vuls/id/34043) FreeBSD is not vulnerable to rpc.statd problems. But, i still have a question... how can i better log attempts to hack my machine's rpc.statd? It would be nice to have an IP of the connecting box so i can see if they are doing it remotely or by an account on my machine. -Mit :-----Original Message----- :From: tjk@tksoft.com [mailto:tjk@tksoft.com] :Sent: March 8, 2001 09:29 AM :To: Will Mitayai Keeso Rowe :Cc: freebsd-security@FreeBSD.ORG :Subject: Re: strange messages : : :rpc.statd has known problems. : :Please look at http://www.cert.org/ and look for rpc.statd. : :I would be concerned, but that's me. : :Most RPC services are just big holes, when opened to the :Internet. (My opinion. If you disagree, I already agree with you. Fine.) : : : :Troy : :> :> :> I noticed the following messages in my logs... anything i should be :> worried about? Is there a way to log this better next time so i can get :> IPs and such? :> :> Regards, :> Mit :> :> Weirdness: :> :> Mar 7 00:07:55 machine rpc.statd: invalid hostname to sm_stat: :^X÷ÿ¿^X÷ÿ¿^Y÷ÿ¿^Y÷ÿ¿^Z÷ÿ¿^Z÷ÿ¿^[÷ÿ¿^[÷ÿ¿%8x%8x%8x%8x%8x%8x%8x%8x%8x :%236x%n%137x%n%10x%n%192x%nM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P :M-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^ :PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM- :^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM :-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P :M-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^ :PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM- :^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM :-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P :M-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^ :PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM- :^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM :-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^! :! :> PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P :> Mar 7 00:07:55 machine /kernel: -^PM-^PM-^P :> :> System: :> :> FreeBSD machine 4.2-STABLE FreeBSD 4.2-STABLE #3: Mon Feb 19 11:19:05 EST :> 2001 root@machine:/usr/obj/usr/src/sys/machine i386 :> :> :> -- :> --- :> Will Mitayai Keeso Rowe :> Toronto, Ontario, Canada :> mitayai@dreaming.org :> :> :> To Unsubscribe: send mail to majordomo@FreeBSD.org :> with "unsubscribe freebsd-security" in the body of the message :> : : : To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?NEBBIEGPMLMKDBMMICFNIEIPELAA.mit>