On Mon, Dec 31, 2001 at 03:18:46PM -0500, Daniel Jacobowitz wrote:
> Yep. The fact that it was logged in this particular case means you're
> fine.
A long time ago a RedHat 6.2 box I had an account on was exploited using the same
exploit, and it did log that. I'd recommend running chkrootkit or some
On Mon, Dec 31, 2001 at 09:11:41PM +0100, David Gestel wrote:
> Dec 29 14:10:58 name rpc.statd[3364]: gethostbyname error for
> ^X÷ÿ¿^X÷ÿ¿^Z÷ÿ¿^Z÷ÿ¿%8x%8x%8x%8x%8x%8x%8x%8x%8x%62716x%hn%51859x%hn\220\220\
Do you use NFS, NIS or anything that needs portmap? If not, then you might want
to uninstall
Petre L. Daniel,System Administrator
Canad Systems Pitesti Romania,
http://www.cyber.ro, email:[EMAIL PROTECTED]
Tel:+4048220044, +4048206200
> "David" == David Gestel <[EMAIL PROTECTED]> writes:
David> What is this? I don't think anyone got in though, everything seems to be
David> fine.
David> I'm running woody and rpc.statd version 0.3.3
David> Dec 29 14:10:58 name rpc.statd[3364]: gethostbyname error for
David> ^X÷ÿ¿^X÷ÿ¿^Z÷ÿ¿^
Looks like a buffer overrun attempt on gethostbyname().
First I'd start poking around your logs and see if someone "got root"...
Start checking the dates and times of /sbin/ etc. etc.
Then, I'd look at an exploit possibility for gethostbyname(),
then double check all of your libs and s
On Mon, Dec 31, 2001 at 09:11:41PM +0100, David Gestel wrote:
> What is this? I don't think anyone got in though, everything seems to be
> fine.
> I'm running woody and rpc.statd version 0.3.3
Yep. The fact that it was logged in this particular case means you're
fine.
--
Daniel Jacobowitz
What is this? I don't think anyone got in though, everything seems to be fine.
I'm running woody and rpc.statd version 0.3.3
Dec 29 14:10:58 name rpc.statd[3364]: gethostbyname error for
^X÷ÿ¿^X÷ÿ¿^Z÷ÿ¿^Z÷ÿ¿%8x%8x%8x%8x%8x%8x%8x%8x%8x%62716x%hn%51859x%hn\220\220\220\220\220\220\220\220\220\220\2
On Monday, 31. December 2001 14:20, Thomas Seyrat wrote:
> By forcing the source port for recursive requests to a given fixed
> one, do you not make yourself more vulnerable to the spoofing attacks
> you were talking about, because the attacker does not have to predict
> the source port of
Russell Coker wrote:
> DNS cache machine sends out requests from source port 54 (not obscure - every
> administrator of every DNS server on the net can easily discover this).
> Recursive requests go to port 53 (getting a DNS client to even talk to
> another port is difficult or impossible dependi
On Sun, 30 Dec 2001 18:53:38
<[EMAIL PROTECTED]> wrote:
> I found this in the message log, what is it?
> Dec 30 06:50:55 debian syslogd 1.3-3#33.1: restart.
> Dec 30 07:13:36 debian -- MARK --
> Dec 30 07:33:36 debian -- MARK --
> Dec 30 07:53:36 debian -- MARK --
> Dec 30 08:13:36 debian -- MARK --
> D