[lug] possible intrusion
Deva Samartha
blug-receive at mtbwr.net
Thu Jul 19 11:40:51 MDT 2001
Thank you for your information - security focus search on shellcode results
in 800 matches. In the meantime, I got about 15 of the NNNN's, more popping
again and again. -
If you know the feeling and possibly more about the exploit, could I
possibly bribe you with ?
<n> cans of <beverage>
<n> ::= 1,2,3..12
<beverage> ::= <beer> | <soft drink>
...
or would that insult you?
To reveal a.) is it dangerous, b.) a possible search criteria to narrow
down the search for the exploit.
Maybe they just enjoy making me freak out?
I start reading the security focus in the meantime.
Thanks
Samartha
>You may wish to subscribe to some security mailing lists. I recommend some of
>the Security Focus lists -- www.securityfocus.com. Specifically, the
>incidents,
>and the bugtraq lists are very helpful. This is a known exploit.
>
>-brad
>
> > I am getting a few of these on port 80:
> >
> > [19/Jul/2001:07:48:26 -0600] "GET /default.ida?NNNNNNNN
> > (many more NNN's).....NNNN%u9090%u6858%ucbd3%u7801%u9090%u.....
> >
> > which looks like buffer overflow intrusion.
> >
> > Does anyone know more about this?
> >
> > thanks,
> >
> > Samartha
More information about the LUG
mailing list