On Sun, 31 Dec 2000, Rich Payne wrote:
> Why are you running rpc.statd on a machine on the internet? 

'Cuz I don't know any better!!  I have turned off the things I know about.
I also have _Maximum Linux Security_, I guess I need to read it too.

> It's part of
> NFS which is a horrible security leak....do a /etc/rc.d/init.d/nfs stop
> then run ntsysv and disable that and anything else you don't think you
> need (aka: just about everything!).
> 
> --rdp
> 
> On Sun, 31 Dec 2000, Tom Rauschenbach wrote:
> 
> > On Sun, 31 Dec 2000, Ken D'Ambrosio wrote:
> > > Odds are good that you just had someone try to use a buffer overflow
> > > exploit on your machine.  What services do you have open?  Did your
> > > security log show anything exciting?  I'm sure others on here would know
> > > more than I about figuring out
> > > a) What happened, and
> > > b) if you've actually been hacked.
> > 
> > 
> > 
> > I have portsentry running, but few defenses other than that.  I have tried
> > to  turn off most services, but I don't know everything.
> > 
> > I don't have a ftp server or allow telnet.  I just tried to telnet into my
> > machine and it did set off my alarms.  But I agree, it does look like an
> > overflow attempt to me too.
> > 
> > Nothing else interesting in the log.
> > 
> > >
> > > -Ken
> > > 
> > > On Sun, 31 Dec 2000, Tom Rauschenbach wrote:
> > > 
> > > >
> > > >
> > > > Hi folks
> > > >
> > > > This
> > > >
> > > > Dec 31 15:12:39 localhost rpc.statd[302]: gethostbyname
> > > > error for ^X���^X���^Y���^Y���^Z���^Z���^[���^[���bffff760 8049710
> > > > 8052c28687465676274736f6d616e797265206520726f7220726f66
> > > >
> > > >
> > > > just appeared in my syslog.  Other than pointing out that my
> > > > machine thinks its name is localhost, does anyone know what this
> > > > might mean ?
> > > >
> > > > Thanks
> > > >
> > > >
> > > >
> > > >
> > > >
> > 
> 
> -- 
> Rich Payne
> [EMAIL PROTECTED]                 www.alphalinux.org
-- 
Standard is better than better.  If your web page cares what browser I'm using
it's broken.
[EMAIL PROTECTED]
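
Added example, not part of the original message or thread: a small Python filter for the kind of syslog entry quoted above, flagging rpc.statd lookup failures whose "hostname" could not be a real hostname. The sample lines are constructed, and the function names and the 16-character hex-run threshold are assumptions.

```python
import re

# Syslog shape taken from the entry quoted in the thread:
#   "<Mon DD HH:MM:SS> <host> rpc.statd[<pid>]: gethostbyname error for <name>"
ENTRY = re.compile(
    r"^(?P<when>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) rpc\.statd\[(?P<pid>\d+)\]: "
    r"gethostbyname error for (?P<name>.*)$",
    re.DOTALL,
)
LABEL = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")  # RFC 1123 label
HEX_RUN = re.compile(r"[0-9a-fA-F]{16,}")  # heuristic; threshold is an assumption


def reasons(name):
    """Return why `name` cannot be an ordinary hostname (empty list = looks fine)."""
    found = []
    if any(ord(c) < 0x20 or ord(c) >= 0x7F for c in name):
        found.append("control or non-ASCII bytes")
    if len(name) > 253:
        found.append("longer than 253 characters")
    if HEX_RUN.search(name):
        found.append("long hexadecimal run")
    labels = name.rstrip(".").split(".")
    if not all(LABEL.match(label) for label in labels):
        found.append("invalid hostname label")
    return found


def scan(lines):
    """Yield (timestamp, pid, reasons) for each suspicious rpc.statd lookup failure."""
    for line in lines:
        m = ENTRY.match(line.rstrip("\n"))
        if m and (why := reasons(m["name"])):
            yield m["when"], int(m["pid"]), why


# Constructed sample lines (not taken from a real log).
SAMPLE = [
    "Dec 31 15:10:02 localhost rpc.statd[302]: gethostbyname error for fileserver.example.org",
    "Dec 31 15:12:39 localhost rpc.statd[302]: gethostbyname error for "
    "\x18\ufffd\ufffd\ufffd\x19\ufffd\ufffd\ufffd 0011223344556677 8899aabbccddeeff0011",
    "Dec 31 15:13:00 localhost sshd[411]: gethostbyname error for \x18\x19",
]

if __name__ == "__main__":
    for when, pid, why in scan(SAMPLE):
        print(f"{when} rpc.statd[{pid}]: " + "; ".join(why))
```

A hit only says that something sent rpc.statd a name that is not a hostname; whether the machine was compromised still has to be checked separately.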
