>> I got the following (alarming) messages on syslog: > >This is becoming a FAQ.. it's a failed crack attempt.
I got the same attempt on Sunday. This is what I found out about it: "The rpc.statd program passes user-supplied data to the syslog() function as a format string. If there is no input validation of this string, a malicious user can inject machine code to be executed with the privileges of the rpc.statd process, typically root." I got this from http://www.cert.org/advisories/CA-2000-17.html The Debian fix is here. http://www.debian.org/security/2000/20000719a Systems that are kept up to date should be fine I hope. I don't use NFS so I disabled the nfs-common and nfs-server scripts to be on the safe side. That way rpc* and statd* programs will stop running. jmb