more attacks

Jon Reynolds proteon at gci.net
Fri Jul 27 12:32:50 PDT 2001


Hey Dusty, what do you use to watch your systems? I have a DNS and a
web/mail server and am not real sure how to watch them. Could you maybe try
and access them from where you are and let me know of any vulnerabilities?

Jon

-----Original Message-----
From: Dusty [mailto:dusty at sandust.com]
Sent: Friday, July 27, 2001 11:01 AM
To: Linux & Unix Advocates & Users
Subject: [luau] more attacks


Well someone tried another MS exploit on the OpenBSD again last night.  This
time it was the Win2K NULL.printer exploit.  Log looks like this:

66.24.106.119 - - [26/Jul/2001:05:18:59 -1000] "GET /NULL.printer HTTP/1.0" 400 324

I also have been getting several attempts to connect to port 111 (rpc) and 53
(dns).  They are both blocked from the outside so no problem.  Stuff like
this:

Jul 27 02:46:09 manapua ipmon[3873]: 02:46:08.451611 le0 @0:12 b 211.184.139.130,2117 -> my.external.ip.address,111 PR tcp len 20 60 -S IN
Jul 27 00:43:18 manapua ipmon[3873]: 00:43:17.326058 le0 @0:12 b 203.200.119.157,4624 -> my.external.ip.address,53 PR udp len 20 58 IN

I also received a few requests for is_this_the_index.cfm.  I don't know what
this file is, but there are a lot of weblog files that have this and a few
people asking what it is, but I haven't found out yet.  Anyone else know?
The log entry looks like this:

216.38.169.247 - - [24/Jul/2001:11:41:50 -1000] "GET /is_this_the_index.cfm HTTP/1.0" 404 287

and it is always preceded by this

216.38.169.247 - - [24/Jul/2001:11:41:50 -1000] "GET /is_this_the_index.cfm HTTP/1.0" 404 287

I hope everyone on this list is running a firewall of some sort.  If you
don't think you need it check out this
http://project.honeynet.org/papers/stats/ they set up a few anonymous
systems on the internet and just monitored them to see if they got attacked.
The results are scary.


Dusty
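
Added example, not part of the original messages: a small Python pass over the two log formats quoted above that picks out web requests for extensions the host does not serve and tallies packets ipmon logged as blocked. The sample lines are the ones quoted in the message (mail line-wraps joined); the function names, the suffix list, and the assumption that this host serves neither .printer nor .cfm are illustrative.

```python
import re
from collections import Counter

# Log lines quoted in the message above, with the mail line-wraps joined.
ACCESS_LOG = [
    '66.24.106.119 - - [26/Jul/2001:05:18:59 -1000] "GET /NULL.printer HTTP/1.0" 400 324',
    '216.38.169.247 - - [24/Jul/2001:11:41:50 -1000] "GET /is_this_the_index.cfm HTTP/1.0" 404 287',
]
IPMON_LOG = [
    'Jul 27 02:46:09 manapua ipmon[3873]: 02:46:08.451611 le0 @0:12 b 211.184.139.130,2117 -> my.external.ip.address,111 PR tcp len 20 60 -S IN',
    'Jul 27 00:43:18 manapua ipmon[3873]: 00:43:17.326058 le0 @0:12 b 203.200.119.157,4624 -> my.external.ip.address,53 PR udp len 20 58 IN',
]

# Assumption: this host serves neither extension, so any request for one is a probe.
PROBE_SUFFIXES = (".printer", ".cfm")

# Common Log Format: client, timestamp, method, path, status.
ACCESS_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# ipmon layout as read off the quoted lines: action, src,port -> dst,port PR proto.
IPMON_RE = re.compile(
    r'ipmon\[\d+\]: \S+ \S+ @\d+:\d+ (\w) ([^,\s]+),(\d+) -> ([^,\s]+),(\d+) PR (\w+)')

def web_probes(lines):
    """Return (client, time, path, status) for requests ending in a probe suffix."""
    hits = []
    for line in lines:
        m = ACCESS_RE.match(line)
        if not m:
            continue  # not a Common Log Format line
        client, when, _method, path, status = m.groups()
        # Ignore any query string and compare case-insensitively.
        if path.split("?", 1)[0].lower().endswith(PROBE_SUFFIXES):
            hits.append((client, when, path, int(status)))
    return hits

def blocked_ports(lines):
    """Count packets logged with action 'b' (block), keyed by (proto, dst port, source)."""
    counts = Counter()
    for line in lines:
        m = IPMON_RE.search(line)
        if m and m.group(1) == "b":
            _act, src, _sport, _dst, dport, proto = m.groups()
            counts[(proto, int(dport), src)] += 1
    return counts

if __name__ == "__main__":
    for hit in web_probes(ACCESS_LOG):
        print("web probe:", hit)
    for (proto, port, src), n in sorted(blocked_ports(IPMON_LOG).items()):
        print(f"blocked {proto}/{port} from {src}: {n}")
```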
