
Re: Strange entry in syslog



Interestingly, I've been seeing that on many servers we operate.
We run unstable though...

Sometimes we get hundreds of those messages, with exactly the same problems
you experienced.
We always thought some script-kiddie was trying to find some buffer overflow
shxt on us. Is it?

Jason Lim

----- Original Message -----
From: "Marek L. Kozak" <marko@terabajt.pl>
To: "Debian-ISP-List" <debian-isp@lists.debian.org>
Sent: Saturday, 27 January, 2001 3:25 AM
Subject: Strange entry in syslog


Hello,

I found this in my syslog today:
Jan 26 01:39:38 myhost
Jan 26 01:39:38 myhost /sbin/rpc.statd[156]: gethostbyname error for
^X÷˙ż^X÷˙ż^Y÷˙ż^Y÷˙ż^Z÷˙ż^Z÷˙ż^[÷˙ż^[÷˙ż%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%137x%n%10x%n%192x%n\220\220\220 [\220 repeated to the end of the line]

Then some lines with earlier time and again:
Jan 26 01:39:38 myhost
Jan 26 01:39:38 myhost syslogd: Cannot glue message parts together
Jan 26 01:39:38 myhost /sbin/rpc.statd[156]: gethostbyname error for
_here_goes_the_same_long_line_returned_by_gethostbyname_

Some told me it might be a worm called Raven, but it attacks some RedHat
systems. Anyway, I didn't find any signs of the worm on my potato.
Any ideas?
--
Regards,
Marek L. Kozak
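
An added example, not part of the original thread: a Python check that re-joins a syslog record split across lines, as in the entry quoted above, and counts printf-style conversions (`%8x`, `%n`) and `\220` escapes in the name that rpc.statd logged. The sample lines are constructed, and the function names are this example's own.

```python
import re

TS_RE = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} ")  # syslog timestamp
STATD_RE = re.compile(r"rpc\.statd\[\d+\]: gethostbyname error for ?(?P<name>.*)$")
FMT_RE = re.compile(r"%(?:\d+\$)?\d*[diouxXsnp]")  # printf-style conversion
OCTAL_RE = re.compile(r"\\[0-3][0-7]{2}")          # byte shown as \ooo, as in the post
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9.-]{1,255}$")

def records(lines):
    """Re-join messages that spilled onto following lines without a timestamp."""
    current = None
    for line in lines:
        line = line.rstrip("\n")
        if TS_RE.match(line):
            if current is not None:
                yield current
            current = line
        elif current is not None:
            current += line
    if current is not None:
        yield current

def inspect(record):
    """Return findings for an rpc.statd lookup error, or None for other records."""
    m = STATD_RE.search(record)
    if m is None:
        return None
    name = m.group("name").strip()
    convs = FMT_RE.findall(name)
    return {
        "conversions": len(convs),                       # any % directive at all
        "writes": sum(c.endswith("n") for c in convs),   # %n directives
        "escaped_bytes": len(OCTAL_RE.findall(name)),    # non-printable bytes
        "valid_hostname": bool(HOSTNAME_RE.match(name)),
    }

def scan(lines):
    """Findings for each rpc.statd record whose name field is not a plain host name."""
    found = (inspect(rec) for rec in records(lines))
    return [f for f in found if f is not None and not f["valid_hostname"]]

# Constructed sample: a shortened record in the shape of the quoted one, then benign lines.
SAMPLE = [
    "Jan 26 01:39:38 myhost /sbin/rpc.statd[156]: gethostbyname error for",
    r"^X%8x%8x%8x%236x%n%137x%n\220\220\220\220",
    "Jan 26 01:40:02 myhost /sbin/rpc.statd[156]: gethostbyname error for nfsclient7.example.net",
    "Jan 26 01:40:05 myhost cron[412]: (root) CMD (run-parts /etc/cron.hourly)",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```
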

