Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 29 May 2001 16:45:54 +0300
From:      Yonatan Bokovza <Yonatan@xpert.com>
To:        "'questions@freebsd.org'" <questions@freebsd.org>
Subject:   RE: rpc.statd: invalid hostname to sm_stat
Message-ID:  <EB513E68D3F5D41191CA00025558810150D3ED@mailserv.xpert.com>

next in thread | raw e-mail | index | archive | help
rpc.statd has a long standing "remote root" vulnerability in RedHat.
What you'r looking at is the shell code of a script kiddie giving
you his best shot. :-)
Where to look for the problem?
Try running snort (ports/security/snort), get his IP and complain to
his ISP.

Regards,
Yonatan.

> -----Original Message-----
> From: Don Dugger [mailto:dugger@hotlz.com]
> Sent: Tuesday, May 29, 2001 16:39
> To: FreeBSD Questions
> Subject: rpc.statd: invalid hostname to sm_stat
>=20
>=20
> I'm running 4.2 Rel and every day or so get the message:
>=20
> May 28 20:54:39 freedom rpc.statd: invalid hostname to sm_stat:
> ^X=F7=FF=BF^X=F7=FF=BF^Y=F7=FF=BF^
> Y=F7=FF=BF^Z=F7=FF=BF^Z=F7=FF=BF^[=F7=FF=BF^[=F7=FF
> =BF%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%137x%n%10x%n%192x%nM-
> ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P
> M-^PM-^PM-^PM-^PM-
> ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P
> M-^PM-^PM-^PM-^PM-
> ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P
> M-^PM-^PM-^PM-^PM-
> ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P
> M-^PM-^PM-^PM-^PM-
> ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P
> M-^PM-^PM-^PM-^PM-
> ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P
> M-^PM-^PM-^PM-^PM-
> ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P
> M-^PM-^PM-^PM-^PM-
> ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P
> M-^PM-^PM-^PM-^PM-
> ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P
> M-^PM-^PM-^PM-^PM-
> ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P
> M-^PM-^PM-^PM-^PM-
> ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-
>=20
> ---
>=20
> Anybody got an idea where to look for the problem?
>=20
> Thx...
>=20
> Don 8)
>=20
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>=20

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?EB513E68D3F5D41191CA00025558810150D3ED>