RE: strange messages

From: Will Mitayai Keeso Rowe (mit@mitayai.net)
Date: 03/08/01


From: "Will Mitayai Keeso Rowe" <mit@mitayai.net>
To: <tjk@tksoft.com>, "Will Mitayai Keeso Rowe" <mitayai@dreaming.org>, <will@physics.purdue.edu>
Date: Thu, 8 Mar 2001 09:33:30 -0500

According to CERT (the latest statd message seems to be
http://www.kb.cert.org/vuls/id/34043)
FreeBSD is not vulnerable to rpc.statd problems.

But, I still have a question... how can I better log attempts to hack my
machine's rpc.statd? It would be nice to have an IP of the connecting box so
I can see if they are doing it remotely or by an account on my machine.

-Mit

:-----Original Message-----
:From: tjk@tksoft.com [mailto:tjk@tksoft.com]
:Sent: March 8, 2001 09:29 AM
:To: Will Mitayai Keeso Rowe
:Cc: freebsd-security@FreeBSD.ORG
:Subject: Re: strange messages
:
:
:rpc.statd has known problems.
:
:Please look at http://www.cert.org/ and look for rpc.statd.
:
:I would be concerned, but that's me.
:
:Most RPC services are just big holes, when opened to the
:Internet. (My opinion. If you disagree, I already agree with you. Fine.)
:
:
:
:Troy
:
:>
:>
:> I noticed the following messages in my logs... anything I should be
:> worried about? Is there a way to log this better next time so I can get
:> IPs and such?
:>
:> Regards,
:> Mit
:>
:> Weirdness:
:>
:> Mar 7 00:07:55 machine rpc.statd: invalid hostname to sm_stat:
:^X÷ÿ¿^X÷ÿ¿^Y÷ÿ¿^Y÷ÿ¿^Z÷ÿ¿^Z÷ÿ¿^[÷ÿ¿^[÷ÿ¿%8x%8x%8x%8x%8x%8x%8x%8x%8x
:%236x%n%137x%n%10x%n%192x%nM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P
:> PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P
:> Mar 7 00:07:55 machine /kernel: -^PM-^PM-^P
:>
:> System:
:>
:> FreeBSD machine 4.2-STABLE FreeBSD 4.2-STABLE #3: Mon Feb 19 11:19:05 EST
:> 2001 root@machine:/usr/obj/usr/src/sys/machine i386
:>
:>
:> --
:> ---
:> Will Mitayai Keeso Rowe
:> Toronto, Ontario, Canada
:> mitayai@dreaming.org
:>
:>
:> To Unsubscribe: send mail to majordomo@FreeBSD.org
:> with "unsubscribe freebsd-security" in the body of the message
:>
:
:
:
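
A log-side check for entries like the one quoted above, added here as an example and not code from either poster or from FreeBSD: it flags rpc.statd `sm_stat` entries whose hostname field carries printf directives or runs of `M-` encoded high bytes. The thresholds, field names and sample lines are assumptions, and because the syslog line carries no peer address the findings give timestamps only.

```python
import re

# Constructed sample lines modelled on the entry quoted in this thread;
# the sshd line, the address and the benign statd line are made up.
SAMPLE_LOG = """\
Mar 7 00:07:41 machine sshd[211]: Accepted password for mit from 192.0.2.10
Mar 7 00:07:55 machine rpc.statd: invalid hostname to sm_stat: ^X%8x%8x%8x%236x%n%137x%n%10x%n%192x%nM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P
Mar 7 00:09:02 machine rpc.statd: invalid hostname to sm_stat: no.such.host
"""

SYSLOG = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) "
                    r"(?P<prog>[\w./-]+)(?:\[\d+\])?: (?P<msg>.*)$")
WRITE_SPEC = re.compile(r"%\d*\$?h{0,2}n")    # %n, %hn, %5$n: printf write directives
ANY_SPEC = re.compile(r"%[\d$.]*[xXdupsn]")   # any common printf conversion
HIGH_BYTE = re.compile(r"M-(?:\^.|.)")        # cat -v style rendering of a byte >= 0x80

# Assumed thresholds: a hostname has no reason to contain any of these.
MIN_SPECS = 3
MIN_HIGH_BYTES = 8


def scan(log_text):
    """Return one finding per rpc.statd sm_stat entry that looks like a format-string probe."""
    findings = []
    for line in log_text.splitlines():
        m = SYSLOG.match(line)
        if not m or m["prog"] != "rpc.statd" or "sm_stat" not in m["msg"]:
            continue
        # Everything after "sm_stat:" is the caller-supplied hostname field.
        _, _, hostname = m["msg"].partition("sm_stat:")
        writes = len(WRITE_SPEC.findall(hostname))
        specs = len(ANY_SPEC.findall(hostname))
        high = len(HIGH_BYTE.findall(hostname))
        if writes or specs >= MIN_SPECS or high >= MIN_HIGH_BYTES:
            findings.append({"time": m["ts"], "host": m["host"],
                             "write_specs": writes, "format_specs": specs,
                             "high_bytes": high})
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```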
