Date: Tue, 29 May 2001 16:45:54 +0300 From: Yonatan Bokovza <Yonatan@xpert.com> To: "'questions@freebsd.org'" <questions@freebsd.org> Subject: RE: rpc.statd: invalid hostname to sm_stat Message-ID: <EB513E68D3F5D41191CA00025558810150D3ED@mailserv.xpert.com>
next in thread | raw e-mail | index | archive | help
rpc.statd has a long standing "remote root" vulnerability in RedHat. What you'r looking at is the shell code of a script kiddie giving you his best shot. :-) Where to look for the problem? Try running snort (ports/security/snort), get his IP and complain to his ISP. Regards, Yonatan. > -----Original Message----- > From: Don Dugger [mailto:dugger@hotlz.com] > Sent: Tuesday, May 29, 2001 16:39 > To: FreeBSD Questions > Subject: rpc.statd: invalid hostname to sm_stat >=20 >=20 > I'm running 4.2 Rel and every day or so get the message: >=20 > May 28 20:54:39 freedom rpc.statd: invalid hostname to sm_stat: > ^X=F7=FF=BF^X=F7=FF=BF^Y=F7=FF=BF^ > Y=F7=FF=BF^Z=F7=FF=BF^Z=F7=FF=BF^[=F7=FF=BF^[=F7=FF > =BF%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%137x%n%10x%n%192x%nM- > ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P > M-^PM-^PM-^PM-^PM- > ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P > M-^PM-^PM-^PM-^PM- > ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P > M-^PM-^PM-^PM-^PM- > ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P > M-^PM-^PM-^PM-^PM- > ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P > M-^PM-^PM-^PM-^PM- > ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P > M-^PM-^PM-^PM-^PM- > ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P > M-^PM-^PM-^PM-^PM- > ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P > M-^PM-^PM-^PM-^PM- > ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P > M-^PM-^PM-^PM-^PM- > ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P > M-^PM-^PM-^PM-^PM- > ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM- >=20 > --- >=20 > Anybody got an idea where to look for the problem? >=20 > Thx... >=20 > Don 8) >=20 > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message >=20 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?EB513E68D3F5D41191CA00025558810150D3ED>