You must be mad to run rpc.statd on a box on the internet. I'd ipchains it or remove 
it if you don't use it. Once they get in via rpc.statd, they then remove the offending 
entries from the log files. So either they didn't get in, or their log cleaner didn't 
clean up properly.

Tom

On Sun, Sep 24, 2000 at 10:14:51PM -0500, Jonathan Wilson wrote:
> Howdy,
> I was just checking my logs, and as it so happens log rotate had just rotated them 
> so I looked back at the last one (/var/log/messages) and noticed something 
> interesting (note this is a _very_ low traffic server, and no one should be on it at 
> 12:00 Saturday night/Sunday morning):
> 
> Sep 24 00:01:47 csc003 rpc.statd[387]: gethostbyname error for 
>^X÷ÿ¿^X÷ÿ¿^Y÷ÿ¿^Y÷ÿ¿^Z÷ÿ¿^Z÷ÿ¿^[÷ÿ¿^[÷ÿ¿%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%137x%n%10x%n%192x%n^A°fÍ€³^D°fÍ€³^E0ÀA^D°fÍ€‰ÎÃ1É°?Í
> 
> 
> Sep 24 @ 00:01:47 is, like, midnight last night right?
> 
> Any ideas if that's a crack attempt, or is it simply some weird bug report? Never 
> seen such garble-dee-gook in a log file. All the other log files look 100% ok, even 
> /var/log/secure. Do you think someone was just looking for an RPC vulnerability?
> 
>       JW
> 
> 
> 
> _______________________________________________
> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list
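
The log line quoted in this thread has printf directives, including `%n`, where rpc.statd expected a host name. The Python below is an added example, not part of the original thread: it flags such rpc.statd entries in syslog lines. The function names are my own, and the sample lines are constructed, with placeholder bytes standing in for the binary data in the post.

```python
import re

# Matches the rpc.statd syslog message seen in the post and captures the
# "host name" that statd was asked to resolve.
STATD_RE = re.compile(r"rpc\.statd\[\d+\]: gethostbyname error for (?P<host>.*)$")
# printf-style conversion: %, optional flags/width/length, conversion letter.
FMT_RE = re.compile(r"%[-+ #0]*\d*(?:\.\d+)?(?:hh|h|ll|l)?([diouxXsnp])")
# Characters that can legitimately appear in a DNS host name.
HOST_OK_RE = re.compile(r"^[A-Za-z0-9._-]{1,255}$")


def inspect_line(line):
    """Return reasons the line looks hostile; [] if benign or not a statd line."""
    m = STATD_RE.search(line.rstrip("\n"))
    if not m:
        return []
    host = m.group("host")
    reasons = []
    convs = FMT_RE.findall(host)
    if "n" in convs:
        # %n makes printf write to memory; it has no place in a host name.
        reasons.append("%n write directive ({} of them)".format(convs.count("n")))
    elif convs:
        reasons.append("printf conversion specifiers")
    if not HOST_OK_RE.match(host):
        reasons.append("characters not valid in a host name")
    return reasons


def scan(lines):
    """Return (line_number, reasons) for every suspicious line."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        reasons = inspect_line(line)
        if reasons:
            hits.append((lineno, reasons))
    return hits


# Constructed sample input. Line 2 reuses only the format directives visible in
# the post; the binary bytes around them are replaced by placeholder bytes.
SAMPLE = [
    "Sep 23 14:02:11 csc003 rpc.statd[387]: gethostbyname error for nfsclient.example.com",
    "Sep 24 00:01:47 csc003 rpc.statd[387]: gethostbyname error for "
    "\x01\x02%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%137x%n%10x%n%192x%n\x01\x02",
    "Sep 24 00:05:00 csc003 sshd[512]: Connection closed by 192.0.2.10",
]

if __name__ == "__main__":
    for lineno, reasons in scan(SAMPLE):
        print("line {}: {}".format(lineno, "; ".join(reasons)))
```

Run it over rotated copies of /var/log/messages as well as the live file, since, as in this thread, the entry may only survive in the rotated log.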


