Re: weird rpc.statd messages on potato

To: debian-user@lists.debian.org
Subject: Re: weird rpc.statd messages on potato
From: "Eric G . Miller" <egm2@jps.net>
Date: Mon, 6 Nov 2000 20:30:22 -0800
Message-id: <[🔎] 20001106203022.A7131@calico.local>
Mail-followup-to: "Eric G . Miller" <egm2@jps.net>, debian-user@lists.debian.org
In-reply-to: <[🔎] 20001106201345.C499@namodn.com>; from robert@namodn.com on Mon, Nov 06, 2000 at 08:13:45PM -0800
References: <[🔎] 20001106201345.C499@namodn.com>

Looks like a buffer overflow attack on rpc.statd.  Is your network
firewalled against the internet?  If you've been applying the security
updates to potato you should be okay (except who got access to the
ports? Insiders?).  Since the log is not wiped I suspect the attack was
unsuccessful.  Still, I'd want to be sure!

On Mon, Nov 06, 2000 at 08:13:45PM -0800, Rob wrote:
> Hey all,
> 
> 
> Getting the following in our /var/log/messages
> 
> We use NFS between two Potato boxes, this appears on
> both :
> 
<shell code snipped>

-- 
#! /bin/sh
# ppp-address: What's my Internet Address for ppp0 ?
/sbin/ifconfig ppp0 2> /dev/null | grep 'inet addr:' | sed \
's=.*inet addr\:\([0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\).*=\1='

Reply to:

References:
- weird rpc.statd messages on potato
  - From: Rob <robert@namodn.com>

Prev by Date: Re: weird rpc.statd messages on potato
Next by Date: MD5 Check (was Re: i am hacked atm.. what's better thing to do?)
Previous by thread: Re: weird rpc.statd messages on potato
Next by thread: Re: weird rpc.statd messages on potato
Index(es):
- Date
- Thread