Date:      Mon, 10 Dec 2001 01:46:16 -0500
From:      Jim Conner <jconner@enterit.com>
To:        jacks@sage-american.com
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Intruder attempts?
Message-ID:  <5.1.0.14.0.20011210014602.04020258@mail.enterit.com>
In-Reply-To: <3.0.5.32.20011209075850.0101cb38@mail.sage-american.com>

At 07:58 12.09.2001 -0600, jacks@sage-american.com wrote:
>I've noticed this often on the console of the server and it appears to be
>intruder attempts to login: This is just a snippet:
>
><snip/>
>server1.net kernel log messages:
> > Dec  8 03:41:47 sage-one rpc.statd: invalid hostname to sm_stat:
>^X\M-w\M^?\M-?^X\M-w\M^?\M-?^Y\M-w\M^?\M-?^Y\M-w\M^?\M-?^Z\M-w\M^?\M-?^Z\M-w
>\M^?\M-?^[\M-w\M^?\M-?^[\M-w\M^?\M-?%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%137x%
>n%10x%n%192x%nM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P
></snip>
>

This is a bad thing.  This is somebody attempting to use a buffer overflow 
exploit against your rpc services.  If you don't need them, I suggest you 
turn portmap off.  That means that if you don't want or need people 
rsh'ing, rcp'ing, etc. into your box, turn off portmap.

- Jim


>Best regards,
>Jack L. Stone,
>Server Admin
>
>Sage-American
>http://www.sage-american.com
>jacks@sage-american.com



- Jim

-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-
http://www.perlmonks.org/index.pl?node_id=67861&lastnode_id=67861

-----BEGIN PERL GEEK CODE BLOCK-----      ------BEGIN GEEK CODE BLOCK------
Version: 0.01                             Version: 3.12
P++>*@$c?P6?R+++>++++@$M                  GIT/CM/J d++(--) s++:++ a-
 >++++$O!MA->++++E!> PU-->+++BD            C++++(+) UB++++$L++++$S++++$
$C-@D!>++++(-)$S++++@$X?WP+>++++MO!>+++   P++(+)>+++++ L+++(++++)>+++++$ !E*
+PP+++>++++n-CO?PO!o >++++G               W++(+++) N+ o !K w--- PS---(-)@ PE
 >*(!)$A-->++++@$Ee---(-)Ev++uL++>*@$uB+   Y+>+++ PGP t+(+++)>+++@ 5- X++ R@
 >*@$uS+>*@$uH+uo+w-@$m!                   tv+ b? DI-(+++) D+++(++) G(++++)
------END PERL GEEK CODE BLOCK------      ------END GEEK CODE BLOCK------
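The console excerpt quoted above shows printf directives (`%8x` ... `%n`) in what rpc.statd logged as a hostname, which is how a format-string payload aimed at that daemon looks from the defender's side. As an added illustration for this thread (not code from either mail, nor from FreeBSD), the script below scans classic syslog lines for that message and separates directive-laden "hostnames" and raw non-printable bytes from ordinary lookup failures. All log lines, hostnames and thresholds in it are constructed for the example.

```python
"""Triage rpc.statd 'invalid hostname to sm_stat' syslog lines.

Added example for this mailing-list thread; not code from the original
mails or from FreeBSD.  Sample log lines below are constructed.
"""
import re

# Classic syslog(3) layout: "Mon dd hh:mm:ss host prog[pid]: message"
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<prog>[^:\[\s]+)(?:\[\d+\])?: (?P<msg>.*)$"
)
STATD_RE = re.compile(r"^invalid hostname to sm_stat: ?(?P<name>.*)$")

# printf-style conversion: flags, width, precision, length modifier, conversion
DIRECTIVE_RE = re.compile(
    r"%[-+ 0#]*\d*(?:\.\d+)?(?:hh|h|ll|l|L|q|j|z|t)?[diouxXeEfFgGaAcspn]"
)
# cat -v style rendering of bytes outside printable ASCII, as the console
# shows them: \M-x (high bit set), \M^x (meta+control), ^X (control char).
# The quoted excerpt also uses the variant without a leading backslash.
NONPRINT_RE = re.compile(r"\\?M-\^?\S|\\?M\^\S|\^[@-_]")
# RFC 1123 host name syntax (labels of 1-63 chars, total <= 253)
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*\.?$"
)

# Constructed sample input (hostnames and addresses are RFC 2606/5737 values).
SAMPLE_LOG = r"""Dec  8 03:41:47 sage-one rpc.statd: invalid hostname to sm_stat: %8x%8x%8x%8x%236x%n%137x%n%10x%n%192x%n
Dec  8 03:42:01 sage-one sshd[412]: Accepted publickey for ops from 192.0.2.10 port 50112
Dec  8 03:43:10 sage-one rpc.statd: invalid hostname to sm_stat: fileserver.example.net
Dec  8 03:44:55 sage-one rpc.statd: invalid hostname to sm_stat: \M-^P\M-^P\M-^P%n
"""

# Constructed threshold: a handful of %x used to walk the stack is already
# far more than any legitimate host name would contain.
MIN_DIRECTIVES_FOR_ALERT = 4


def classify_hostname(name: str) -> dict:
    """Decide why rpc.statd rejected the given 'hostname' text."""
    directives = DIRECTIVE_RE.findall(name)
    # %n (with any length modifier) writes to memory; its presence alone is decisive
    writes = [d for d in directives if d.endswith("n")]
    nonprint = NONPRINT_RE.findall(name)
    if writes or len(directives) >= MIN_DIRECTIVES_FOR_ALERT:
        verdict = "format-string"
    elif nonprint:
        verdict = "non-printable"
    elif HOSTNAME_RE.match(name):
        # Syntactically a host name; statd most likely failed to resolve it
        verdict = "lookup-failure"
    else:
        verdict = "malformed"
    return {
        "verdict": verdict,
        "directives": len(directives),
        "writes": len(writes),
        "nonprint": len(nonprint),
    }


def scan_log(text: str) -> list:
    """Return one record per rpc.statd 'invalid hostname' line in the text."""
    findings = []
    for line in text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m or m.group("prog") != "rpc.statd":
            continue
        s = STATD_RE.match(m.group("msg"))
        if not s:
            continue
        rec = classify_hostname(s.group("name"))
        rec.update(ts=m.group("ts"), host=m.group("host"))
        findings.append(rec)
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['host']}: {f['verdict']} "
              f"(directives={f['directives']}, %n writes={f['writes']}, "
              f"non-printable={f['nonprint']})")
```

Feed it `grep rpc.statd /var/log/messages` output (or the whole file) on stdin after replacing `SAMPLE_LOG`; a `format-string` verdict is the thing to act on, while `lookup-failure` records are the noise a flaky NFS client or reverse DNS produces and should not be escalated.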


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message



