Re: strange broadcast message from syslogd
-----BEGIN PGP SIGNED MESSAGE-----
On Wed, 6 Sep 2000, David Wright wrote:
> > Message from syslogd@locust at Tue Sep 5 17:42:31 2000 ...
> > locust
>
> In my experience, this happens someone tries the rpc.statd buffer
> overflow exploit. I'm surprised you don't see it in syslog and messages
> (with the default syslogd.conf).
Damn, you're right! Why hadn't I noticed that! Especially considering
how hard we've been hit by that exploit. We had 10 Redhat systems
compromised by that over the weekend....
Thanks a lot for the info!
noah
_______________________________________________________
| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv
iQCVAwUBObZzTYdCcpBjGWoFAQGLSwQAno/Muxi0FyYmY14sXb5TmjR7K4Dnnbzb
3WIHlMrFHHE2Xs4TzOuWtRLXRnD1aPLj2o34EVDiRn+el5HSX8THEBvthLNmc6kB
wYqAwrHO2HoFyvNg6yT9jBmglicEiQQERg0GBVmt1dwCYJ2lhpUwMbspAcADuggn
l2fWB2Nq82o=
=rl5k
-----END PGP SIGNATURE-----
Reply to: