LinuxQuestions.org
Old 06-05-2004, 09:39 PM   #1
amadkow
Member
 
Registered: May 2004
Location: CA, USA
Posts: 58

Rep: Reputation: 15
help with error in /var/messages


I saw this in the messages log file on my Linux server:

Code:
Jun  4 17:07:58 eliza rpc.statd[467]: gethostbyname error for ^X÷ÿ¿^X÷ÿ¿^Z÷ÿ¿^Z÷ÿ¿%8x%8x%8x%8x%8x%8x%8x%8x%8x%62716x%hn%51859x%hn\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220
Is that someone trying to use a buffer overflow on me or something?
 
Old 06-05-2004, 11:44 PM   #2
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
I believe that is a buffer overflow attempting to exploit an old rpc.statd vulnerability (for more info on the vuln see here). As long as you are not running an extremely old and unpatched version of Linux, I believe you are OK. Although it looks like that attempt failed, you should absolutely take it as a warning that someone is attempting to break into your system. You should also make sure your system is fully updated and secured, as well as look through your logs for other attempts. I'd also download and run chkrootkit and rootkit hunter, as well as verify the integrity of the packages installed on the system.

Normally it is an exceedingly bad idea to offer public access to samba/NFS shares via rpc. I'd highly recommend limiting access with a firewall. If you aren't using samba or NFS, you should turn off portmap/rpc as well as any other unnecessary services.

Last edited by Capt_Caveman; 06-05-2004 at 11:46 PM.
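
Added example (not part of the original thread and not either poster's code): a small Python scan for the "look through your logs for other attempts" step. It flags rpc.statd `gethostbyname error` entries carrying the markers visible in the posted line, namely printf-style directives such as `%hn` and long runs of `\220` (syslog's octal rendering of byte 0x90). The function name `classify`, the run-length threshold and the sample lines are assumptions constructed for illustration.

```python
import re

# rpc.statd lines where the name it failed to resolve came from a remote request.
STATD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\srpc\.statd\[\d+\]:\s"
    r"gethostbyname error for (?P<name>.*)$"
)
# printf-style write directives (%n, %hn, %hhn, %5$n): never valid in a hostname.
WRITE_DIRECTIVE_RE = re.compile(r"%(?:\d+\$)?(?:hh|h|l)?n")
# Padded conversions such as %8x or %62716x.
PAD_DIRECTIVE_RE = re.compile(r"%\d+[xud]")
# Eight or more consecutive 0x90 bytes as syslog prints them (octal \220).
SLED_RE = re.compile(r"(?:\\220){8,}")
# Characters permitted in a DNS hostname.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9._-]{1,253}$")


def classify(line):
    """Return (timestamp, host, reasons) for a suspicious rpc.statd line, else None."""
    m = STATD_RE.match(line.rstrip("\n"))
    if not m:
        return None
    name = m.group("name")
    reasons = []
    if WRITE_DIRECTIVE_RE.search(name):
        reasons.append("write-directive")
    if PAD_DIRECTIVE_RE.search(name):
        reasons.append("padded-conversion")
    if SLED_RE.search(name):
        reasons.append("0x90-run")
    # Fall back to a generic check so unfamiliar junk is still reported.
    if not reasons and not HOSTNAME_RE.match(name):
        reasons.append("non-hostname-chars")
    if not reasons:
        return None
    return m.group("ts"), m.group("host"), reasons


# Constructed sample lines modelled on the entry in the post (shortened).
SAMPLE = [
    "Jun  4 17:07:58 eliza rpc.statd[467]: gethostbyname error for "
    "^X%8x%8x%62716x%hn%51859x%hn" + "\\220" * 40,
    "Jun  4 17:09:12 eliza rpc.statd[467]: gethostbyname error for nfsclient.example.org",
    "Jun  4 17:10:01 eliza sshd[812]: Accepted password for alice",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        hit = classify(entry)
        if hit:
            print(hit)
```

To scan a real file, pass each line of the messages log (and its rotated copies) to `classify` and review every hit alongside the firewall logs for the same timestamp.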
 
Old 06-06-2004, 02:15 AM   #3
amadkow
Member
 
Registered: May 2004
Location: CA, USA
Posts: 58

Original Poster
Rep: Reputation: 15
That is kind of weird because my firewall should be blocking that. Thanks for the info, I will have to check it out.
 
  

