Security Incidents mailing list archives
RE: massive lpr exploit attempt
From: Andy Duncan <andyduncan () motives co uk>
Date: Wed, 27 Jun 2001 12:51:44 +0100
Me Too! Except mine are coming-in in pairs: Jun 24 07:33:47 : Packet log: ext-in DENY eth1 PROTO=6 147.171.132.7:3722 62.49.x.x:515 L=60 S=0x00 I=58098 F=0x4000 T=47 SYN (#38) Jun 24 07:33:50 : Packet log: ext-in DENY eth1 PROTO=6 147.171.132.7:3722 62.49.x.x:515 L=60 S=0x00 I=60521 F=0x4000 T=47 SYN (#38) Jun 25 04:45:44 : Packet log: ext-in DENY eth1 PROTO=6 61.144.234.235:2570 62.49.x.x:515 L=60 S=0x00 I=1958 F=0x4000 T=43 SYN (#38) Jun 25 04:45:47 : Packet log: ext-in DENY eth1 PROTO=6 61.144.234.235:2570 62.49.x.x:515 L=60 S=0x00 I=4186 F=0x4000 T=43 SYN (#38) Jun 25 04:59:22 : Packet log: ext-in DENY eth1 PROTO=6 140.148.2.222:2928 62.49.x.x:515 L=60 S=0x00 I=30733 F=0x4000 T=43 SYN (#38) Jun 25 04:59:25 : Packet log: ext-in DENY eth1 PROTO=6 140.148.2.222:2928 62.49.x.x:515 L=60 S=0x00 I=32876 F=0x4000 T=43 SYN (#38) Jun 25 05:18:52 : Packet log: ext-in DENY eth1 PROTO=6 168.77.43.66:4225 62.49.x.x:515 L=60 S=0x00 I=10561 F=0x4000 T=51 SYN (#38) Jun 25 05:18:54 : Packet log: ext-in DENY eth1 PROTO=6 168.77.43.66:4225 62.49.x.x:515 L=60 S=0x00 I=11727 F=0x4000 T=51 SYN (#38) Jun 26 11:04:18 : Packet log: ext-in DENY eth1 PROTO=6 211.23.6.234:4110 62.49.x.x:515 L=60 S=0x00 I=26475 F=0x4000 T=46 SYN (#38) Jun 26 11:04:22 : Packet log: ext-in DENY eth1 PROTO=6 211.23.6.234:4110 62.49.x.x:515 L=60 S=0x00 I=28649 F=0x4000 T=46 SYN (#38) Jun 26 11:24:21 : Packet log: ext-in DENY eth1 PROTO=6 207.105.204.223:4519 62.49.x.x:515 L=60 S=0x00 I=43037 F=0x4000 T=49 SYN (#38) Jun 26 11:24:24 : Packet log: ext-in DENY eth1 PROTO=6 207.105.204.223:4519 62.49.x.x:515 L=60 S=0x00 I=45133 F=0x4000 T=49 SYN (#38) BTW, is there an accepted format for wrapping/anonymizing packet logs? I'm not completely happy with the above.
-----Original Message----- From: Andrew Doran [mailto:a.doran () mosierfluidpower com] Sent: 26 June 2001 20:09 To: incidents () securityfocus com Subject: RE: massive lpr exploit attempt I got one too... Jun 25 15:11:06 : Packet log: input REJECT eth0 PROTO=6 210.102.23.70:4902 aaa.bbb.ccc.ddd.eee:111 L=60 S=0x00 I=28779 F=0x4000 T=49 SYN (#8)
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- massive lpr exploit attempt Russell Fulton (Jun 24)
- Re: massive lpr exploit attempt Kevin van Haaren (Jun 24)
- RE: massive lpr exploit attempt Tony Lambiris (Jun 26)
- RE: massive lpr exploit attempt Andrew Doran (Jun 26)
- Re: massive lpr exploit attempt Galitz (Jun 27)
- Re: massive lpr exploit attempt Pavel Lozhkin (Jun 27)
- RE: massive lpr exploit attempt Andrew Doran (Jun 26)
- <Possible follow-ups>
- Re: massive lpr exploit attempt E Kelly Bond (Jun 27)
- RE: massive lpr exploit attempt Andy Duncan (Jun 27)