Re: rpc.statd

[Peter Pentchev]

On Wed, Jun 06, 2001 at 09:39:39PM -0700, Dan Phoenix wrote:
> 
> Jun  6 18:48:10 www rpc.statd: invalid hostname to
> sm_stat: ^X^X^Z
> 
>^Z%8x%8x%8x%8x%8x%8x%8x%8x%8x%62716x%hn%51859x%hnM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-
[snip]
> 
> this is a message in messages before a kernel paniced on freebsd 4.3.
> I have token liberty of disabling, what does this look like to you guys.

As already pointed out, this should definitely not be the cause of a kernel
panic.  This is, exactly as the other poster explained, a Linux-targeting
expoit which has absolutely no effect on FreeBSD's rpc.statd.

G'luck,
Peter

-- 
If I had finished this sentence,

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message

Re: rpc.statd

[Matthew Emmerton]

On Wed, 6 Jun 2001, Dan Phoenix wrote:

> 
> Jun  6 18:48:10 www rpc.statd: invalid hostname to
> sm_stat: ^X^X^Z
> 
>^Z%8x%8x%8x%8x%8x%8x%8x%8x%8x%62716x%hn%51859x%hnM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-

[ snip ]

It's some l33t h4x0r attemting to use a Linux RPC exploit against your
FreeBSD machine.  From what I've been told, It's harmless (since FreeBSD
never had the hole that Linux did), and I see it quite often on some of
the public boxes that I run.

Are you absolutely sure that this was the cause of your kernel panic?

--
Matt Emmerton
GSI Computer Services


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message