On Mon, 6 Nov 2000, Rob wrote:
> Hmm, well we're on nfs-utils (1:0.1.9.1-1), so would that mean
> that someone is trying the exploit on us? Any way to tell where
> this is coming from?
Given that you're running an up-to-date nfs-utils, they didn't get
in. So the only info you have on them is the
Hmm, well we're on nfs-utils (1:0.1.9.1-1), so would that mean
that someone is trying the exploit on us? Any way to tell where
this is coming from?
BTW, what was the exploit, some kind of overflow?
On Mon, Nov 06, 2000 at 10:29:04PM -0600, Damian Menscher wrote:
> On Mon, 6 Nov 2000, Rob wrote:
>
Quoth Rob,
> Getting the following in our /var/log/messages
>
> We use NFS between two Potato boxes, this appears on
> both :
It's a buffer overrun exploit against rpc.statd. It seems that someone
has put together a `sploit and it's the flavour of the day with the
script kiddies - I've seen this
Looks like a buffer overflow attack on rpc.statd. Is your network
firewalled against the internet? If you've been applying the security
updates to potato you should be okay (except who got access to the
ports? Insiders?). Since the log is not wiped I suspect the attack was
unsuccessful. Still,
On Mon, 6 Nov 2000, Rob wrote:
> Getting the following in our /var/log/messages
>
> We use NFS between two Potato boxes, this appears on
> both :
>
> Nov 6 08:03:19 rudy Ç^F/binÇF^D/shA0ÀF^Gv^LV^PN^Ló°^KÍ°^AÍèÿÿÿ
> Nov 6 08:03:21 rudy 173>Nov 6 08:03:21 /sbin/rpc.statd[152]: gethostbyn
Hey all,
Getting the following in our /var/log/messages
We use NFS between two Potato boxes, this appears on
both :
Nov 6 08:03:19 rudy Ç^F/binÇF^D/shA0ÀF^Gv^LV^PN^Ló°^KÍ°^AÍèÿÿÿ
Nov 6 08:03:21 rudy 173>Nov 6 08:03:21 /sbin/rpc.statd[152]: gethostbyname
error for
^X÷ÿ¿^X÷ÿ¿^Y÷ÿ¿^Y÷ÿ