
Re: error msg



On Tue, 30 Jul 2002, Liu, GuangYu wrote:

> Hi there,
> 	Anybody knows what caused the following error message:
>
> Jul 30 13:16:35 liugy rpc.statd[298]: gethostbyname error for
> ^X÷ÿ¿^X÷ÿ¿^Y÷ÿ¿^Y÷ÿ¿^Z÷ÿ¿^Z÷ÿ¿^[÷ÿ¿^[÷ÿ¿%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%1

It means somebody tried to cause a buffer overflow on your rpc.statd to
gain access to your computer. The very fact that you saw that log line and
that rpc.statd is still running means that the attempt failed (it was an
old bug and hopefully you are running a non-vulnerable version of
rpc.statd). You should nonetheless do a couple of things:

1) determine where the attack came from: if it came from within your
network it means that either you have a malicious user or (more likely) a
compromised host already. In this latter case, take down the compromised
host, examine it carefully and clean it up before putting it back online.

2) determine whether you actually need rpc.statd (and/or any other
RPC based daemons) running on that computer and, if you don't actually
need them, don't run them!

3) if you do need them (e.g. you need to export NFS file systems) restrict
access to all of these relatively fragile services to trusted hosts, using
hosts.allow, hosts.deny and/or firewalling.

The net is becoming a dangerous place, if you aren't cautious.

Bye
Giacomo

-- 
_________________________________________________________________

Giacomo Mulas <gmulas@ca.astro.it, giacomo.mulas@tin.it>
_________________________________________________________________

OSSERVATORIO ASTRONOMICO DI CAGLIARI
Str. 54, Loc. Poggio dei Pini * 09012 Capoterra (CA)

Tel.: +39 070 71180 248     Fax : +39 070 71180 222
_________________________________________________________________

"When the storms are raging around you, stay right where you are"
                         (Freddy Mercury)
_________________________________________________________________
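
Added example, not part of the original message or of any Debian tool: a small log triage script that picks out rpc.statd "gethostbyname error for" entries whose supposed host name contains printf-style directives, as in the quoted log line. The sample lines are constructed, and the regular expressions are assumptions about the classic syslog line layout shown above.

```python
import re

# Classic syslog layout, as in the quoted line:
# "Jul 30 13:16:35 liugy rpc.statd[298]: gethostbyname error for <name>"
STATD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\srpc\.statd\[\d+\]:\s"
    r"gethostbyname error for\s?(?P<name>.*)$", re.DOTALL)

# printf conversion: optional flags, width, precision, length, conversion letter
FORMAT_DIRECTIVE = re.compile(r"%[-+ #0]*\d*(?:\.\d+)?(?:hh|h|ll|l)?[diouxXsnp]")
# A real host name is letters, digits, dot and hyphen (underscore tolerated)
HOSTNAME_OK = re.compile(r"^[A-Za-z0-9._-]{1,255}$")

def classify(line):
    """Return None for unrelated lines, else (timestamp, host, reasons)."""
    m = STATD_RE.match(line.rstrip("\n"))
    if not m:
        return None
    name = m.group("name")
    reasons = []
    if FORMAT_DIRECTIVE.search(name):
        reasons.append("format-directive")
    if "%n" in name:
        reasons.append("write-directive")   # %n is the memory-writing conversion
    if not HOSTNAME_OK.match(name):
        reasons.append("not-a-hostname")
    return (m.group("ts"), m.group("host"), reasons)

def suspicious(lines):
    """Keep only rpc.statd entries that carry at least one reason."""
    hits = []
    for line in lines:
        result = classify(line)
        if result and result[2]:
            hits.append(result)
    return hits

# Constructed sample input: one probe-like entry, one ordinary lookup
# failure, one unrelated daemon.
SAMPLE = [
    "Jul 30 13:16:35 liugy rpc.statd[298]: gethostbyname error for "
    "\x18\xf7\xff\xbf%8x%8x%8x%236x%n",
    "Jul 30 13:20:01 liugy rpc.statd[298]: gethostbyname error for "
    "nfsclient7.example.org",
    "Jul 30 13:21:10 liugy sshd[411]: Accepted password for alice from 192.0.2.10",
]

if __name__ == "__main__":
    for ts, host, reasons in suspicious(SAMPLE):
        print(ts, host, ",".join(reasons))
```

The rpc.statd entry itself carries no source address, so finding where the attempt came from (step 1 above) means matching the timestamp against firewall or packet logs.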

