[ale] hack attempt?

Wandered Inn esoteric at denali.atlnet.com
Thu Nov 18 23:39:54 EST 1999


"Jeremy T. Bouse" wrote:
> 
>         This is a well known exploit for NFS which can be easily obtain'd
> from sites like rootshell.com and the like... I have a very specific rule
> in my ipchains rules for this very attack as I was receiving an exponential
> amount of them comin from all over the globe... I'd even mention'd it to
> Todd at Atlanta Internet IIRC to make him aware of machine local to him...

Thanks so much for the info.

So is this random attempt, or is this something focused at my machine?

I'm wondering if he'll be back soon.  I've been meaning to get ipchains
fixed up, I guess the time is here.

> 
>         Respectfully,
>         Jeremy T. Bouse, Pres/CEO
>         UnderGrid Network Services, LLC
> 
> Wandered Inn decided to waste my bandwidth saying:
> > I had an unusual entry in one of my log files and was wondering if there
> > is a buffer overflow issue with mountd.  Found the following:
> >
> > Nov 18 20:51:33 denali mountd[291]: Unauthorized access by NFS client
> > 142.169.160.58
> >
> > and the ip is resolvable, to an entry from quebectel.com.
> >
> > Obviously, the access was denied, but the message above was followed by
> > some garbage.  A bunch of ^P and other stuff that looked like line
> > noise.
> >
> > The message attempts to indicate what was being mounted, but that's when
> > the garbage comes in.
> >
> > Anyone seen anything like this?
> >
> 
> --
> ,-----------------------------------------------------------------------------,
> | Jeremy T. Bouse  -  UnderGrid Network Services, LLC  -   www.UnderGrid.net  |
> |     PGP ID/Fingerprint: 1024/E83D9AE5/4ACC03F098D78198 19D0593E50E597E9     |
> |   Public PGP key available by sending email with 'send pgpkey' in subject   |
> | undrgrid at UnderGrid.net  -  NIC Whois: JB5713  -  Jeremy.Bouse at UnderGrid.net |
> |            /earth is 98% full ... please delete anyone you can.             |
> `-----------------------------------------------------------------------------'
> 
>   ------------------------------------------------------------------------
>    Part 1.2Type: application/pgp-signature

--
Until later: Geoffrey		esoteric at denali.atlnet.com

It should be illegal to yell "Y2K" in a crowded economy.
	-- Larry Wall, creator of the programming language Perl






More information about the Ale mailing list