[lug] possible intrusion

Deva Samartha blug-receive at mtbwr.net
Thu Jul 19 11:40:51 MDT 2001


Thank you for your information - security focus search on shellcode results 
in 800 matches. In the meantime, I got about 15 of the NNNN's, more popping 
again and again. -

If you know the feeling and possibly more about the exploit, could I 
possibly bribe you with  ?

<n> cans of <beverage>
<n> ::= 1,2,3..12
<beverage> ::= <beer> | <soft drink>
...

or would that insult you?

To reveal a.) is it dangerous, b.) a possible search criteria to narrow
down the search for the exploit.

Maybe they just enjoy making me freak out?

I start reading the security focus in the meantime.

Thanks

Samartha


>You may wish to subscribe to some security mailing lists. I recommend some of
>the Security Focus lists -- www.securityfocus.com. Specifically, the 
>incidents,
>and the bugtraq lists are very helpful. This is a known exploit.
>
>-brad
>
> > I am getting a few of these on port 80:
> >
> > [19/Jul/2001:07:48:26 -0600] "GET /default.ida?NNNNNNNN
> > (many more NNN's).....NNNN%u9090%u6858%ucbd3%u7801%u9090%u.....
> >
> > which looks like buffer overflow intrusion.
> >
> > Does anyone know more about this?
> >
> > thanks,
> >
> > Samartha




More information about the LUG mailing list