From owner-freebsd-questions  Tue May 29  6:46:22 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from void.xpert.com (xpert.com [199.203.132.1])
	by hub.freebsd.org (Postfix) with ESMTP id 9EE7E37B42C
	for <questions@freebsd.org>; Tue, 29 May 2001 06:46:16 -0700 (PDT)
	(envelope-from Yonatan@xpert.com)
Received: from mailserv.xpert.com ([199.203.132.135])
	by void.xpert.com with esmtp (Exim 3.20 #1)
	id 154jmX-0007sY-00
	for questions@freebsd.org; Tue, 29 May 2001 16:43:33 +0300
Received: by mailserv.xpert.com with Internet Mail Service (5.5.2650.21)
	id <K4L70X9B>; Tue, 29 May 2001 16:46:00 +0300
Message-ID: <EB513E68D3F5D41191CA00025558810150D3ED@mailserv.xpert.com>
From: Yonatan Bokovza <Yonatan@xpert.com>
To: "'questions@freebsd.org'" <questions@freebsd.org>
Subject: RE: rpc.statd: invalid hostname to sm_stat
Date: Tue, 29 May 2001 16:45:54 +0300
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

rpc.statd has a long standing "remote root" vulnerability in RedHat.
What you'r looking at is the shell code of a script kiddie giving
you his best shot. :-)
Where to look for the problem?
Try running snort (ports/security/snort), get his IP and complain to
his ISP.

Regards,
Yonatan.

> -----Original Message-----
> From: Don Dugger [mailto:dugger@hotlz.com]
> Sent: Tuesday, May 29, 2001 16:39
> To: FreeBSD Questions
> Subject: rpc.statd: invalid hostname to sm_stat
>=20
>=20
> I'm running 4.2 Rel and every day or so get the message:
>=20
> May 28 20:54:39 freedom rpc.statd: invalid hostname to sm_stat:
> ^X=F7=FF=BF^X=F7=FF=BF^Y=F7=FF=BF^
> Y=F7=FF=BF^Z=F7=FF=BF^Z=F7=FF=BF^[=F7=FF=BF^[=F7=FF
> =BF%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%137x%n%10x%n%192x%nM-
> ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P
> M-^PM-^PM-^PM-^PM-
> ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P
> M-^PM-^PM-^PM-^PM-
> ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P
> M-^PM-^PM-^PM-^PM-
> ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P
> M-^PM-^PM-^PM-^PM-
> ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P
> M-^PM-^PM-^PM-^PM-
> ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P
> M-^PM-^PM-^PM-^PM-
> ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P
> M-^PM-^PM-^PM-^PM-
> ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P
> M-^PM-^PM-^PM-^PM-
> ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P
> M-^PM-^PM-^PM-^PM-
> ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P
> M-^PM-^PM-^PM-^PM-
> ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-
>=20
> ---
>=20
> Anybody got an idea where to look for the problem?
>=20
> Thx...
>=20
> Don 8)
>=20
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>=20

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message