On Wed, 20 Sep 2000, Kent Stewart wrote:
>
>
> Kris Kennaway wrote:
> >
> > On Wed, Sep 20, 2000 at 10:09:16AM -0400, Brandon Fosdick wrote:
> > > For the last week or so I've been seeing the following entries in
> > > /var/log/messages:
> > >
> > > Sep 17 01:17:11 nbf-27 rpc.statd: Invalid hostname to sm_mon:
> > > ^D���^D���^E���^E���^F���^F���^G���^G���%08x %08x %08x %08x %08x %08x
> > > %08x %08x
> >
> > Someone is trying to exploit a root hole in the Linux rpc.statd.
> > ou don't have anything to worry about running FreeBSD here :-)
>
> Is that what the Tribal Flood people are doing or is this something
> different?
Sort of. There's a distributed denial-of-service client doing the rounds
which uses the rpc.statd exploit as an entrance vector to install itself,
since it's so common and commonly unpatched.
Kris
--
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe <[EMAIL PROTECTED]>
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-stable" in the body of the message
