From owner-freebsd-questions Sat Sep 8 11:16: 1 2001 Delivered-To: freebsd-questions@freebsd.org Received: from aragorn.neomedia.it (aragorn.neomedia.it [195.103.207.6]) by hub.freebsd.org (Postfix) with ESMTP id 78F0137B405 for ; Sat, 8 Sep 2001 11:15:58 -0700 (PDT) Received: (from httpd@localhost) by aragorn.neomedia.it (8.11.4/8.11.4) id f88IFoj28775; Sat, 8 Sep 2001 20:15:50 +0200 (CEST) To: future Subject: Re: rpc.statd Message-ID: <999972950.3b9a60562b2bb@webmail.neomedia.it> Date: Sat, 08 Sep 2001 20:15:50 +0200 (CEST) From: Salvo Bartolotta Cc: freebsd-questions@FreeBSD.ORG MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit User-Agent: IMP/PHP IMAP webmail program 2.2.4-cvs X-WebMail-Company: Neomedia s.a.s. X-Originating-IP: 62.98.238.148 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > i get strange errors in my logs from rpc.statd > Sep 8 09:39:14 ns1 rpc.statd: invalid hostname to sm_stat: > ^X÷ÿ¿^X÷ÿ¿^Y÷ÿ¿^Y÷ÿ¿^Z÷ÿ¿^Z÷ÿ¿^[÷ÿ¿^[÷ÿ¿%8x%8x%8x%8x%8x%8x%8x%8x%8 > Sep 8 09:39:14 ns1 /kernel: Sep 8 09:39:14 ns1 rpc.statd: invalid hostname > to sm_stat: ^X÷ÿ¿^X÷ÿ¿^Y÷ÿ¿^Y÷ÿ¿^Z÷ÿ¿^Z÷ÿ¿^[÷ÿ¿^[ > Sep 8 09:39:14 ns1 /kernel: M-^PM-^P I would say that someone (eg a script kiddie) is trying gain control over your machine via an RPC exploit. This type of attack (by supplying an invalid hostname) was attemped on Linux machines [a] few months ago. Agnosco veteris^W^WI recognize the signature of an old Linux exploit. :-) IIRC (past advisories, posts, etc), FreeBSD 4.3 and later should NOT be vulnerable to this kind of attack. You may wish to check the archives (for advisories and other relevant material) to see if **your** version of FreeBSD is somehow exploitable. HTH, Salvo To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message