[ale] hack attempt?

Jeremy T. Bouse undrgrid at undergrid.net
Thu Nov 18 21:54:54 EST 1999


--YiEDa0DAkWCtVeE4
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable

	This is a well known exploit for NFS which can be easily obtain'd
from sites like rootshell.com and the like... I have a very specific rule
in my ipchains rules for this very attack as I was receiving an exponential
amount of them comin from all over the globe... I'd even mention'd it to
Todd at Atlanta Internet IIRC to make him aware of machine local to him...

	Respectfully,
	Jeremy T. Bouse, Pres/CEO
	UnderGrid Network Services, LLC

Wandered Inn decided to waste my bandwidth saying:
> I had an unusual entry in one of my log files and was wondering if there
> is a buffer overflow issue with mountd.  Found the following:
>=20
> Nov 18 20:51:33 denali mountd[291]: Unauthorized access by NFS client
> 142.169.160.58
>=20
> and the ip is resolvable, to an entry from quebectel.com.
>=20
> Obviously, the access was denied, but the message above was followed by
> some garbage.  A bunch of ^P and other stuff that looked like line
> noise.
>=20
> The message attempts to indicate what was being mounted, but that's when
> the garbage comes in.
>=20
> Anyone seen anything like this?
>=20

--=20
,--------------------------------------------------------------------------=
---,
| Jeremy T. Bouse  -  UnderGrid Network Services, LLC  -   www.UnderGrid.ne=
t  |
|     PGP ID/Fingerprint: 1024/E83D9AE5/4ACC03F098D78198 19D0593E50E597E9  =
   |
|   Public PGP key available by sending email with 'send pgpkey' in subject=
   |
| undrgrid at UnderGrid.net  -  NIC Whois: JB5713  -  Jeremy.Bouse at UnderGrid.n=
et |
|            /earth is 98% full ... please delete anyone you can.          =
   |
`--------------------------------------------------------------------------=
---'

--YiEDa0DAkWCtVeE4
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a

iQCVAwUBODS7/eak13roPZrlAQEhgAP9GDnTg6eh46rGt1krJk+eFD/BjaEMbipN
vkIPuC4wQj78ni9tZBEh7RWXOpZxslUAt6XYSVcT2D8Pq+XsYynIrhKV2MNPBghD
MxZirvc364UkCnHr7l0naQg/8duVF19FxgcAkEH1uBfccMn7A7AqBVieUdNSw0ly
JX6KjhtLeO8=
=p07H
-----END PGP SIGNATURE-----

--YiEDa0DAkWCtVeE4--






More information about the Ale mailing list