Date:      Wed, 20 Mar 2002 19:57:20 +0200
From:      Yonatan Bokovza <Yonatan@xpert.com>
To:        'Ken McGlothlen' <mcglk@artlogix.com>, questions@freebsd.org
Subject:   RE: Crackers.
Message-ID:  <EB513E68D3F5D41191CA000255588101B438BE@mailserv.xpert.com>

> -----Original Message-----
> From: Ken McGlothlen [mailto:mcglk@artlogix.com]
> Sent: Wednesday, March 20, 2002 19:38
> To: questions@freebsd.org
> Subject: Crackers.
> 
> 
> I realize that I'm immune from this particular exploit:
> 
> Mar 19 06:27:08 ralf rpc.statd: invalid hostname to sm_stat: 
> ^X\M-w\M^?\M-?^X\M-w\M^?\M-?^Z\M-w\M^?\M-?^Z\M-w\M^?\M-?%8x%8x
> %8x%8x%8x%8x%8x%8x%8x%62716x%hn%51859x%hnM-^PM-^PM-^PM-^PM-^PM
> -^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^
> PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM
> -^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^
> PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM
> -^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^
> PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM
> -^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^
> PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM
> -^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^
> PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM
> -^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^
> PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM
> -^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^
> PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM
> -^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P
> 
> I'd just like to know where these are coming from.  Is there 
> any way to get the
> IP addresses recorded in the logfiles other than packet filtering?

Not by default IIRC. You should use something extra
from the ports. I heartily suggest snort, but portsentry and
friends will do just as well.
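
As an added illustration (not part of the original messages and not code from snort or portsentry), the Python sketch below triages syslog lines of the shape quoted above: it undoes the `^X` / `M-^P` escaping, counts printf directives and `%n`-family writes, and measures the 0x90 filler run. The sample lines are constructed and shortened, and the function names are hypothetical; because the syslog entry carries no source address, the returned time and host are what you would correlate against packet-level logs.

```python
import re

# syslogd-style escapes: ^X = control, M-x = high bit set, M-^X = both.
# A leading backslash (as in "\M-w") is optional in the quoted log.
_VIS = re.compile(r"\\?M-?\^(.)|\\?M-(.)|\\?\^(.)")
STATD = re.compile(r"^(\w{3}\s+\d+ [\d:]+) (\S+) rpc\.statd: "
                   r"invalid hostname to sm_stat: (.*)$")
DIRECTIVE = re.compile(rb"%\d*(?:hh|ll|h|l)?[a-zA-Z]")
WRITE = re.compile(rb"%\d*(?:hh|ll|h|l)?n")

def unvis(text):
    """Turn the escaped hostname text back into the bytes that were sent."""
    out, pos = bytearray(), 0
    for m in _VIS.finditer(text):
        out += text[pos:m.start()].encode("latin-1", "replace")
        meta_ctrl, meta, ctrl = m.groups()
        if meta_ctrl:
            out.append(0x80 | ((ord(meta_ctrl) ^ 0x40) & 0x7F))
        elif meta:
            out.append(0x80 | (ord(meta) & 0x7F))
        else:
            out.append((ord(ctrl) ^ 0x40) & 0x7F)
        pos = m.end()
    return bytes(out + text[pos:].encode("latin-1", "replace"))

def triage(line):
    """Return indicators for one rpc.statd syslog line, or None if not one."""
    m = STATD.match(line)
    if not m:
        return None
    when, host, raw = m.groups()
    data = unvis(raw)
    runs = re.findall(rb"\x90+", data)
    found = {
        "time": when, "host": host,          # no source IP is logged
        "directives": len(DIRECTIVE.findall(data)),
        "writes": len(WRITE.findall(data)),  # %n-family directives
        "filler_0x90": max(map(len, runs), default=0),
    }
    # A real hostname holds neither printf directives nor unprintable bytes.
    found["suspicious"] = bool(found["directives"]
                               or any(b < 0x21 or b > 0x7E for b in data))
    return found

# Constructed, shortened sample lines in the shape of the quoted log entry.
PREFIX = "Mar 19 06:27:08 ralf rpc.statd: invalid hostname to sm_stat: "
SAMPLE = [
    PREFIX + r"^X\M-w\M^?\M-?%8x%8x%62716x%hn" + "M-^P" * 40,
    PREFIX + "badhost_name",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(triage(entry))
```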
