Here is something I just sent. I thought everyone at UT should know about
this. Even after I sent this, the @#$ is still scanning my ports as I'm
logged into telesys. The LANS research group was broken into via this
mountd bug just a day or so ago.
******************************************************
* Marty Paul Combs |\~~~~~~/| *
* PO Box 8333 / -\/o \ *
* Austin, TX 78713 \ {\/} / () *
* \______/ )) *
* 512-451-2042 (home) / \ // *
* / || || \// *
* Forget about world peace... \ || || // *
* visualize using your turn signal. {__}{__} *
******************************************************
---------- Forwarded message ----------
Date: Tue, 15 Dec 1998 00:48:45 -0600 (CST)
From: Marty Combs <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED],
[EMAIL PROTECTED]
Subject: You have a cracker
I'm from the University of Texas. At this very momemnt, someone sitting
at your machine "sylvester.otr.usm.edu" is trying a mountd overflow attack
on us. Here is the info from /var/log/messages
---------------------
Dec 15 00:41:17 tippy portmap[1752]: connect from 131.95.81.230 to
getport(mountd): request from unauthorized host
------------------------
Good luck catching the (*&^%*&^%*&%*&%&%*&%^^%!
******************************************************
* Marty Paul Combs |\~~~~~~/| *
* PO Box 8333 / -\/o \ *
* Austin, TX 78713 \ {\/} / () *
* \______/ )) *
* 512-451-2042 (home) / \ // *
* / || || \// *
* Forget about world peace... \ || || // *
* visualize using your turn signal. {__}{__} *
******************************************************
---------------------------------------------------------------------------
Send administrative requests to [EMAIL PROTECTED]
