Re: strange broadcast message from syslogd

To: David Wright <d.wright@open.ac.uk>
Cc: Debian User List <debian-user@lists.debian.org>
Subject: Re: strange broadcast message from syslogd
From: "Noah L. Meyerhans" <frodo@morgul.net>
Date: Wed, 6 Sep 2000 12:39:34 -0400 (EDT)
Message-id: <[🔎] Pine.LNX.4.21.0009061235570.1599-100000@spider.noah>
In-reply-to: <[🔎] 20000906174121.J6072@tyne.open.ac.uk>

-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 6 Sep 2000, David Wright wrote:

> > Message from syslogd@locust at Tue Sep  5 17:42:31 2000 ...
> > locust
>
> In my experience, this happens someone tries the rpc.statd buffer
> overflow exploit. I'm surprised you don't see it in syslog and messages
> (with the default syslogd.conf).

Damn, you're right!  Why hadn't I noticed that!  Especially considering
how hard we've been hit by that exploit.  We had 10 Redhat systems
compromised by that over the weekend....

Thanks a lot for the info!
noah

 _______________________________________________________
| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html 


-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv

iQCVAwUBObZzTYdCcpBjGWoFAQGLSwQAno/Muxi0FyYmY14sXb5TmjR7K4Dnnbzb
3WIHlMrFHHE2Xs4TzOuWtRLXRnD1aPLj2o34EVDiRn+el5HSX8THEBvthLNmc6kB
wYqAwrHO2HoFyvNg6yT9jBmglicEiQQERg0GBVmt1dwCYJ2lhpUwMbspAcADuggn
l2fWB2Nq82o=
=rl5k
-----END PGP SIGNATURE-----

Reply to:

References:
- Re: strange broadcast message from syslogd
  - From: David Wright <d.wright@open.ac.uk>

Prev by Date: Re: Debian vs. Red Hat
Next by Date: Re: Seyon with incoming calls
Previous by thread: Re: strange broadcast message from syslogd
Next by thread: Help setting up my scanner??
Index(es):
- Date
- Thread