What is this? I
don't think anyone got in though, everything seems to befine.I'm running
woody and rpc.statd version 0.3.3Dec 29 14:10:58 name rpc.statd[3364]:
gethostbyname error
On Mon, Dec 31, 2001 at 09:11:41PM +0100, David Gestel wrote:
What is this? I don't think anyone got in though, everything seems to be
fine.
I'm running woody and rpc.statd version 0.3.3
Yep. The fact that it was logged in this particular case means you're
fine.
--
Daniel Jacobowitz
Looks
like a buffer overrun attempt on gethostbyname().
FirstI'd start poking around your logs and see if someone "got
root"...
Start
checking the dates and times of /sbin/ etc. etc.
Then,
I'd look at an exploit possibility for gethostbyname(),
then
double check all of your libs and
David == David Gestel [EMAIL PROTECTED] writes:
David What is this? I don't think anyone got in though, everything seems to be
David fine.
David I'm running woody and rpc.statd version 0.3.3
David Dec 29 14:10:58 name rpc.statd[3364]: gethostbyname error for
David
Petre L. Daniel,System Administrator
Canad Systems Pitesti Romania,
http://www.cyber.ro, email:[EMAIL PROTECTED]
Tel:+4048220044, +4048206200
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
On Mon, Dec 31, 2001 at 03:18:46PM -0500, Daniel Jacobowitz wrote:
Yep. The fact that it was logged in this particular case means you're
fine.
A long time ago a RedHat 6.2 box i had account on was exploited using the same
exploit, and it did log that. I'd recommend running chkrootkit or
On Sun, 30 Dec 2001 18:53:38
[EMAIL PROTECTED] wrote:
I found this in message log,what it is
Dec 30 06:50:55 debian syslogd 1.3-3#33.1: restart.
Dec 30 07:13:36 debian -- MARK --
Dec 30 07:33:36 debian -- MARK --
Dec 30 07:53:36 debian -- MARK --
Dec 30 08:13:36 debian -- MARK --
Dec 30
Russell Coker wrote:
DNS cache machine sents out requests from source port 54 (not obscure - every
administrator of every DNS server on the net can easily discover this).
Recursive requests go to port 53 (getting a DNS client to even talk to
another port is difficult or impossible depending
On Monday, 31. December 2001 14:20, Thomas Seyrat wrote:
By forcing the source port for recursive requests to a given fixed
one, do you not make yourself more vulnerable to the spoofing attacks
you were talking about, because the attacker does not have to predict
the source port of
What is this? I
don't think anyone got in though, everything seems to befine.I'm running
woody and rpc.statd version 0.3.3Dec 29 14:10:58 name rpc.statd[3364]:
gethostbyname error
On Mon, Dec 31, 2001 at 09:11:41PM +0100, David Gestel wrote:
What is this? I don't think anyone got in though, everything seems to be
fine.
I'm running woody and rpc.statd version 0.3.3
Yep. The fact that it was logged in this particular case means you're
fine.
--
Daniel Jacobowitz
Looks
like a buffer overrun attempt on gethostbyname().
FirstI'd start poking around your logs and see if someone "got
root"...
Start
checking the dates and times of /sbin/ etc. etc.
Then,
I'd look at an exploit possibility for gethostbyname(),
then
double check all of your libs and
Petre L. Daniel,System Administrator
Canad Systems Pitesti Romania,
http://www.cyber.ro, email:[EMAIL PROTECTED]
Tel:+4048220044, +4048206200
On Mon, Dec 31, 2001 at 09:11:41PM +0100, David Gestel wrote:
Dec 29 14:10:58 name rpc.statd[3364]: gethostbyname error for
^X÷ÿ¿^X÷ÿ¿^Z÷ÿ¿^Z÷ÿ¿%8x%8x%8x%8x%8x%8x%8x%8x%8x%62716x%hn%51859x%hn\220\220\
Do you use NFS, NIS or anything that needs portmap? If not, then you might want
to uninstall
On Mon, Dec 31, 2001 at 03:18:46PM -0500, Daniel Jacobowitz wrote:
Yep. The fact that it was logged in this particular case means you're
fine.
A long time ago a RedHat 6.2 box i had account on was exploited using the same
exploit, and it did log that. I'd recommend running chkrootkit or
15 matches
Mail list logo