more attacks
Kenneth Iwata
ken_iwata at msn.com
Sun Jul 29 12:06:30 PDT 2001
Looks like FlexNet (http://www.flex.com) webpage has been "hacked"
----- Original Message -----
From: Dusty
Sent: Saturday, July 28, 2001 4:10 PM
To: Linux & Unix Advocates & Users
Subject: [luau] more attacks
Well someone tried another MS exploit on the OpenBSD again last night. This time it was the Win2K NULL.printer exploit. Log looks like this:
66.24.106.119 - - [26/Jul/2001:05:18:59 -1000] "GET /NULL.printer HTTP/1.0" 400 324
I also have been getting several attemps to connect to port 111 (rpc) and 53 (dns). They are both blocked from the outside so no problem. Stuff like this:
Jul 27 02:46:09 manapua ipmon[3873]: 02:46:08.451611 le0 @0:12 b 211.184.139.130,2117 -> my.external.ip.address,111 PR tcp len 20 60 -S IN
Jul 27 00:43:18 manapua ipmon[3873]: 00:43:17.326058 le0 @0:12 b 203.200.119.157,4624 -> my.external.ip.address,53 PR udp len 20 58 IN
I also recieved a few request for is_this_the_index.cfm. I don't know what this file is, but the are alot of weblog files that have this and a few people asking what it is, but I haven't found out yet. Anyone else know? The log entry looks like this:
216.38.169.247 - - [24/Jul/2001:11:41:50 -1000] "GET /is_this_the_index.cfm HTTP/1.0" 404 287
and it is always preceded by this
216.38.169.247 - - [24/Jul/2001:11:41:50 -1000] "GET /is_this_the_index.cfm HTTP/1.0" 404 287
I hope everyone on this list is running a firewall of some sort. If you don't think you need it check out this http://project.honeynet.org/papers/stats/ they set up a few anonymous systems on the internet and just monitored them to see if they got attacked. The results are scary.
Dusty
---
You are currently subscribed to luau as: ken_iwata at msn.com
To unsubscribe send a blank email to $subst('Email.Unsub')Get more from the Web. FREE MSN Explorer download : http://explorer.msn.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freesoftwarehawaii.org/pipermail/luau-freesoftwarehawaii.org/attachments/20010729/11601bd2/attachment-0001.htm>
More information about the LUAU
mailing list