On Sun, 31 Dec 2000, Ken D'Ambrosio wrote:
> Odds are good that you just had someone try to use a buffer overflow
> exploit on your machine. What services do you have open? Did your
> security log show anything exciting? I'm sure others on here would know
> more than I about figuring out
> a) What happened, and
> b) if you've actually been hacked.
I have portsentry running, but few defenses other than that. I have tried
to turn off most services, but I don't know everything.
I don't have an FTP server or allow telnet. I just tried to telnet into my
machine and it did set off my alarms. But I agree, it does look like an
overflow attempt to me too.
Nothing else interesting in the log.
>
> -Ken
>
> On Sun, 31 Dec 2000, Tom Rauschenbach wrote:
>
> >
> >
> > Hi folks
> >
> > This
> >
> > Dec 31 15:12:39 localhost rpc.statd[302]: gethostbyname
> > error for ^X���^X���^Y���^Y���^Z���^Z���^[���^[���bffff760 8049710
> > 8052c28687465676274736f6d616e797265206520726f7220726f66
> >
> >
> > just appeared in my syslog. Other than pointing out that my
> > machine thinks its name is localhost, does anyone know what this
> > might mean?
> >
> > Thanks
> >
> >
> >
> >
> >
--
Standard is better than better. If your web page cares what browser I'm using
it's broken.
[EMAIL PROTECTED]
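As an added example (not part of the original thread): a Python check for this kind of rpc.statd entry. It flags a `gethostbyname error for` argument that is not a plausible hostname and decodes the trailing hex digits as little-endian 32-bit words, using a right-to-left heuristic. The sample is the quoted log line re-joined where the mail wrapped it, with U+FFFD standing in for bytes the archive could not render; the function names are this example's own.

```python
import re

# Log line quoted in the thread, re-joined where the mail wrapped it
# (constructed join). U+FFFD stands in for bytes the archive could not render.
G = "\ufffd" * 3
SAMPLE = ("Dec 31 15:12:39 localhost rpc.statd[302]: gethostbyname error for "
          f"^X{G}^X{G}^Y{G}^Y{G}^Z{G}^Z{G}^[{G}^[{G}"
          "bffff760 8049710 "
          "8052c28687465676274736f6d616e797265206520726f7220726f66")

STATD = re.compile(r"rpc\.statd\[\d+\]: gethostbyname error for (.*)$")
HOSTNAME = re.compile(r"[A-Za-z0-9.-]{1,253}")   # characters legal in a DNS name
HEX_RUN = re.compile(r"[0-9a-f]{8,}$")           # long hex run ending the line


def leaked_text(arg):
    """Decode the trailing hex run as little-endian 32-bit words, working
    right to left and stopping at the first non-printable word (heuristic)."""
    m = HEX_RUN.search(arg)
    if not m:
        return ""
    run, words = m.group(0), []
    for end in range(len(run), 7, -8):
        word = bytes.fromhex(run[end - 8:end])[::-1]   # undo little-endian order
        if not all(0x20 <= b < 0x7F for b in word):
            break
        words.append(word.decode("ascii"))
    return "".join(reversed(words))


def inspect(line):
    """Return None for unrelated lines, else findings about the lookup argument."""
    m = STATD.search(line)
    if not m:
        return None
    arg = m.group(1)
    return {
        "valid_hostname": bool(HOSTNAME.fullmatch(arg)),
        "length": len(arg),
        "leaked_text": leaked_text(arg),
    }


if __name__ == "__main__":
    print(inspect(SAMPLE))
```

On the quoted line the hex digits decode to the daemon's own message prefix, `gethostbyname error for `, so the entry contains the process's own memory echoed back rather than a hostname.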