Junk in "messages" log -- too weird!!


CrashTestDummy
03-01-2001, 01:13 AM
Any ideas what the blazes all this junk is that's showing up in the /var/messages log?

It seems to be occurring rather frequently.


Feb 28 23:48:28 www rpc.statd[398]: gethostbyname error for ^X÷ÿ¿^X÷ÿ¿^Y÷ÿ¿^Y÷ÿ¿^Z÷ÿ¿^Z÷ÿ¿^[÷ÿ¿^[÷ÿ¿%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x
%n%137x%n%10x%n%192x%n1Àë|Y‰A^P‰A^HþÀ‰A^D‰ÃþÀ‰^A°f Í€³^B‰Y^LÆA^N™ÆA^H^P‰I^D€A^D^Lˆ^A°fÍ€³^D°fÍ€³^E0Àˆ A^D°fÍ€‰ÎˆÃ1ɰ?Í
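
The log entry above has the shape of a format-string exploit attempt logged through rpc.statd's gethostbyname error path: a run of %8x directives to walk up the stack, several %n directives (the only printf directive that writes to memory), and non-printable bytes that look like addresses and machine code. As an added example, not part of this thread or of any poster's system, here is a small Python scanner that flags syslog lines carrying those indicators. The sample log lines are constructed for the example (the first one mirrors the quoted rpc.statd entry), and the thresholds (four read directives, eight non-printable bytes) are assumptions chosen for illustration, not values from the thread.

```python
"""Flag syslog entries that carry format-string exploit payloads.

Added example for the thread above; not from the original posts. The sample
log lines below are constructed for this example; the first one mirrors the
shape of the rpc.statd entry quoted in the thread.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample lines (not real traffic). Line 0 is the attack shape,
# lines 1-2 are ordinary daemon chatter, line 3 is a harmless lookup that
# happens to contain a single '%d' and must NOT be flagged.
SAMPLE_LOG = [
    "Feb 28 23:48:28 www rpc.statd[398]: gethostbyname error for "
    "\x18\xf7\xff\xbf\x18\xf7\xff\xbf%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x"
    "%n%137x%n%10x%n%192x%n1\xc0\xeb|Y\x89A\x10",
    "Feb 28 23:50:01 www named[212]: lame server resolving 'example.test' "
    "(in 'example.test'?): 192.0.2.10#53",
    "Feb 28 23:51:12 www sendmail[4410]: NOAA: from=<user@example.test>, "
    "size=1024, class=0",
    "Feb 28 23:52:30 www rpc.statd[398]: gethostbyname error for host-with-%d-in-name",
]

# Classic BSD syslog layout: "Mon DD HH:MM:SS host prog[pid]: message".
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<prog>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
# %n (optionally with width or positional "$") is the write primitive.
WRITE_DIRECTIVE_RE = re.compile(r"%\d*\$?n")
# %8x, %236x, %p, %s ... are used to pop stack words until the payload is reached.
READ_DIRECTIVE_RE = re.compile(r"%\d*\$?[xpsu]")


@dataclass
class Finding:
    timestamp: str
    program: str
    pid: Optional[str]
    indicators: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.indicators)


def _non_printable(text: str) -> int:
    """Count characters outside printable ASCII; addresses and shellcode look like this."""
    return sum(1 for c in text if not (0x20 <= ord(c) < 0x7F))


def analyze_line(line: str, min_reads: int = 4, min_binary: int = 8) -> Optional[Finding]:
    """Return a Finding for a syslog-shaped line, or None if the line does not parse.

    min_reads / min_binary are assumed thresholds for this example; tune them
    against your own logs.
    """
    m = SYSLOG_RE.match(line.rstrip("\n"))
    if not m:
        return None
    msg = m.group("msg")
    finding = Finding(m.group("ts"), m.group("prog"), m.group("pid"))
    writes = len(WRITE_DIRECTIVE_RE.findall(msg))
    reads = len(READ_DIRECTIVE_RE.findall(msg))
    binary = _non_printable(msg)
    if writes:
        finding.indicators.append(
            f"{writes} %n directive(s): the memory-write primitive of a format-string bug")
    if reads >= min_reads:
        finding.indicators.append(
            f"{reads} %x/%p-style directives: walking the stack toward the payload")
    if binary >= min_binary:
        finding.indicators.append(
            f"{binary} non-printable bytes: likely addresses and/or shellcode")
    return finding


def scan(lines) -> List[Finding]:
    """Run analyze_line over an iterable of lines and keep only suspicious ones."""
    return [f for f in (analyze_line(l) for l in lines) if f is not None and f.suspicious]


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.timestamp} {f.program}[{f.pid}]")
        for indicator in f.indicators:
            print("   -", indicator)
```

To use it on a real box, open the log with a lenient decoding (for example `open(path, encoding="latin-1")`) and pass the file object to `scan`; the payload bytes are not valid UTF-8 and a strict decoder would throw before the scanner ever sees them. The scanner only tells you that someone sent a format-string payload; whether the daemon was actually vulnerable has to be checked against the installed package version.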

Lorithar
03-01-2001, 01:21 AM
*ymmmmms*

www rpc.statd[398]

Hmms. [398] is the pid of the process writing to messages .. .what is it and why is it trying to gethostbyname (this is a reverse lookup function -- get the ip addy from the hostname lookup) ...
Likely someone is trying to get cuddly with your os.... from afar .. not sure how statd falls into this.. what all are you running on this box, and are you or are you not connected to the web when this happens.. Are you running a firewall??

What install of what dist are we talking about ... does the box fall over after this? etc etc ... will try to help but need much more info.

bigrigdriver
03-01-2001, 01:43 AM
Anything and everything you do on your Linux box, either as root or as user, will result in mail and messages being sent to the system administrator, telling the administrator what you have been up to (root=you on a single user system). Open a terminal and have a look at man mail for clues how to reduce the clutter (basically a redirect to /dev/null).
Man mail also gives you leads to similar files you may want to regulate.
AS for the weird symbols, check KDE Control Center, Applications, Fonts, and see what char set you have selected. :D

[ 01 March 2001: Message edited by: bigrigdriver ]

CrashTestDummy
03-01-2001, 02:10 AM
Redhat62 remote hosted box. That rpc.statd is what's getting my attention especially all those funky characters that someone appears to be hiding under.

I don't know exactly what rpc.statd is (I'm still in the learning stages). What is it??

Most stuff I see in /var/messages is dns stuff, which makes sense for the reverse dns. I have my own dns for box and data center does the secondary dns.

I really don't want to omit the messages from showing up in the log since I would like to see who all's trying to get cuddly with me.

Lorithar
03-01-2001, 03:14 AM
*grins*

from inetd.conf

# rstatd/1-3 dgram rpc/udp wait root /usr/sbin/tcpd rpc.rstatd
# rusersd/2-3 dgram rpc/udp wait root /usr/sbin/tcpd rpc.rusersd
# walld/1 dgram rpc/udp wait root /usr/sbin/tcpd rpc.rwalld


Immediately above it...

# Sun-RPC based services.
# <service name/version><sock_type><rpc/prot><flags><user><server><args>


I have no man pages on them, nor can I find anything on my system about them.

CrashTestDummy
03-01-2001, 03:58 AM
inetd.conf shows this:

rstatd/1-3 --- was already commented out.

These four aren't listed ---

rusersd/2-3
walld/1
Sun-RPC based services
<service name/version>

Only things open are two services (mail and ftp). When those gethostby errors show up they're not performed on a regular "time" basis. First ones were 5 minutes apart, second one was 11 minutes, others were 1 minute apart. That's why I'm thinking that possibly someone is manually attempting to kiss me before attempting to screw me.

This wouldn't have anything to do with a DDOS attack of some type, would it??