[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: strange broadcast message from syslogd

Quoting Noah L. Meyerhans (frodo@morgul.net):
> This is really weird.  I've got potato running on a machine at work,
> configured pretty much the same as all my other workstation in terms of
> software.  Every few days or so I get the following message broadcast out
> to all my login sessions:
> Message from syslogd@locust at Tue Sep  5 17:42:31 2000 ...
> locust
> That's all it's doing.  Has anybody got any idea why that message would be
> sent?  There's nothing in /etc/syslog.conf that would seem to be causing
> this, and there aren't any crontab entries that might cause this.

In my experience, this happens someone tries the rpc.statd buffer
overflow exploit. I'm surprised you don't see it in syslog and messages
(with the default syslogd.conf).


Email:  d.wright@open.ac.uk   Tel: +44 1908 653 739  Fax: +44 1908 655 151
Snail:  David Wright, Earth Science Dept., Milton Keynes, England, MK7 6AA
Disclaimer:   These addresses are only for reaching me, and do not signify
official stationery. Views expressed here are either my own or plagiarised.

Reply to: