Why are you running rpc.statd on a machine on the internet? It's part of
NFS, which is a horrible security leak... do a /etc/rc.d/init.d/nfs stop,
then run ntsysv and disable that and anything else you don't think you
need (aka: just about everything!).
--rdp
On Sun, 31 Dec 2000, Tom Rauschenbach wrote:
> On Sun, 31 Dec 2000, Ken D'Ambrosio wrote:
> > Odds are good that you just had someone try to use a buffer overflow
> > exploit on your machine. What services do you have open? Did your
> > security log show anything exciting? I'm sure others on here would know
> > more than I about figuring out
> > a) What happened, and
> > b) if you've actually been hacked.
>
> I have portsentry running, but few defenses other than that. I have tried
> to turn off most services, but I don't know everything.
>
> I don't have an ftp server or allow telnet. I just tried to telnet into my
> machine and it did set off my alarms. But I agree, it does look like an
> overflow attempt to me too.
>
> Nothing else interesting in the log.
>
> >
> > -Ken
> >
> > On Sun, 31 Dec 2000, Tom Rauschenbach wrote:
> >
> > >
> > >
> > > Hi folks
> > >
> > > This
> > >
> > > Dec 31 15:12:39 localhost rpc.statd[302]: gethostbyname
> > > error for ^X���^X���^Y���^Y���^Z���^Z���^[���^[���bffff760 8049710
> > > 8052c28687465676274736f6d616e797265206520726f7220726f66
> > >
> > >
> > > just appeared in my syslog. Other than pointing out that my
> > > machine thinks its name is localhost, does anyone know what this
> > > might mean ?
> > >
> > > Thanks
--
Rich Payne
[EMAIL PROTECTED] www.alphalinux.org
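
Added example, not part of the original thread: a small Python scanner that flags rpc.statd "gethostbyname error for" syslog entries whose logged name could not be a real hostname, as in the excerpt quoted above. The function names, the heuristics and the sample lines are assumptions constructed for illustration.

```python
import re

# Matches the message rpc.statd logs when a hostname lookup fails
# (line layout as seen in the syslog excerpt quoted in this thread).
STATD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s"
    r"rpc\.statd\[(?P<pid>\d+)\]:\s*gethostbyname error for (?P<name>.*)$"
)
# RFC 1123 hostname: dot-separated labels of letters, digits and hyphens.
LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
HEX_RUN_RE = re.compile(r"[0-9a-fA-F]{16,}")  # heuristic threshold (assumption)


def reasons(name):
    """Return the reasons a logged 'hostname' cannot be a real hostname."""
    found = []
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in name):
        found.append("control characters")
    if re.search(r"\^[@-_?]", name):  # ^X style escapes, as in the quoted log
        found.append("caret-escaped control bytes")
    if any(ord(c) > 0x7E for c in name):
        found.append("non-ASCII bytes")
    if HEX_RUN_RE.search(name):
        found.append("long hex run")
    if not found and not all(LABEL_RE.match(l) for l in name.rstrip(".").split(".")):
        found.append("not a valid hostname")
    return found


def scan(lines):
    """Yield (timestamp, pid, reasons) for each suspicious rpc.statd entry."""
    for line in lines:
        m = STATD_RE.match(line.rstrip("\n"))
        if m:
            why = reasons(m.group("name"))
            if why:
                yield m.group("ts"), int(m.group("pid")), why


# Constructed sample lines (not taken from a real host).
SAMPLE = [
    "Dec 31 15:10:02 localhost rpc.statd[302]: gethostbyname error for fileserver.example.com",
    "Dec 31 15:12:39 localhost rpc.statd[302]: gethostbyname error for ^X\ufffd\ufffd^Y\ufffd bffff760 8049710 " + "41" * 20,
    "Dec 31 15:13:00 localhost sshd[411]: Connection closed",
]

if __name__ == "__main__":
    for ts, pid, why in scan(SAMPLE):
        print(f"{ts} rpc.statd[{pid}]: suspicious lookup name ({', '.join(why)})")
```

A hit only shows that someone sent rpc.statd a malformed name; whether the host was compromised still has to be checked separately.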