Looks like a buffer overflow attack on rpc.statd. Is your network
firewalled against the internet? If you've been applying the security
updates to potato you should be okay (except who got access to the
ports? Insiders?). Since the log is not wiped I suspect the attack was
unsuccessful. Still, I'd want to be sure!
On Mon, Nov 06, 2000 at 08:13:45PM -0800, Rob wrote:
> Hey all,
>
>
> Getting the following in our /var/log/messages
>
> We use NFS between two Potato boxes, this appears on
> both :
>
<shell code snipped>
--
#! /bin/sh
# ppp-address: What's my Internet Address for ppp0 ?
/sbin/ifconfig ppp0 2> /dev/null | grep 'inet addr:' | sed \
's=.*inet
addr\:\([0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\).*=\1='
