Howdy,
I was just checking my logs, and as it so happens log rotate had just rotated them so
I looked back at the last one (/var/log/messages)and noticed something
interesting(note this is a _very_ low traffic server, and no one should be on it at
12:00 saturday night/sunday morning):
Sep 24 00:01:47 csc003 rpc.statd[387]: gethostbyname error for
^X÷ÿ¿^X÷ÿ¿^Y÷ÿ¿^Y÷ÿ¿^Z÷ÿ¿^Z÷ÿ¿^[÷ÿ¿^[÷ÿ¿%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%137x%n%10x%n%192x%n^A°fÍ€³^D°fÍ€³^E0ÀA^D°fÍ€‰ÎÃ1É°?Í
Sep 24 @ 00:01:47 is, like, midnight last night right?
Any ideas if that's a crack attempt, or is it simply some weird bud-report? Never seen
such garble-dee-gook in a log file. All the other log files look 100% ok, even
/var/log/secure. Do you think someone was just looking for a RPC vulnerability?
JW
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
