From owner-freebsd-questions Tue Jan 2 8:27:18 2001 From owner-freebsd-questions@FreeBSD.ORG Tue Jan 2 08:27:17 2001 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from fw.wintelcom.net (ns1.wintelcom.net [209.1.153.20]) by hub.freebsd.org (Postfix) with ESMTP id D21A737B400 for ; Tue, 2 Jan 2001 08:27:16 -0800 (PST) Received: (from bright@localhost) by fw.wintelcom.net (8.10.0/8.10.0) id f02GRFQ22699; Tue, 2 Jan 2001 08:27:15 -0800 (PST) Date: Tue, 2 Jan 2001 08:27:15 -0800 From: Alfred Perlstein To: Eric_Stanfield@kenokozie.com Cc: freebsd-questions@FreeBSD.ORG Subject: Re: hacked or just garbage in log? Message-ID: <20010102082715.K19572@fw.wintelcom.net> References: Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit User-Agent: Mutt/1.2.5i In-Reply-To: ; from Eric_Stanfield@kenokozie.com on Tue, Jan 02, 2001 at 10:11:14AM -0600 Sender: bright@fw.wintelcom.net Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG * Eric_Stanfield@kenokozie.com [010102 08:16] wrote: > > Alright, this is the first time I've seen this and it's worrisome to me. > Anyone know wtf this indicates? To my paranoid mind it looks like an > attempt at some soft or buffer overflow exploit but maybe I'm way off. I'm > the only user that has logon access to this box though it runs some web > servers and game servers that the internet has access to. > > Dec 29 17:53:10 mrtg rpc.statd: invalid hostname to sm_stat: > ^X÷ÿ¿^X÷ÿ¿^Z÷ÿ¿^Z÷ÿ Yes, there was a vulnerability several months back, afaik FreeBSD wasn't vulnerable to it. -- -Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org] "I have the heart of a child; I keep it in a jar on my desk." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message