Security Incidents mailing list archives
Re: solaris hack info required
From: Devdas Bhagat <devdas () worldgatein net>
Date: Fri, 29 Jun 2001 22:22:47 +0530
On Fri, 29 Jun 2001, Mark Hollow spewed into the ether:
> Any help you can give me would be appreciated. I've a Sun Netra X1 (Solaris 8) with a /var/adm/messages file full of these messages at frequent but irregular intervals (approx every 5-10 seconds for several hours).
>
> Jun 24 03:43:02 jim bsd-gw[13276]: [ID 315218 lpr.error] Invalid protocol r equest (66): BBBXXXXXXXXXXXXXXXXXX%.156u%300$n%.21u%301$nsecurity%302$n%.192u%30 3$n111F1f1C]C]KMM1ECf]fE'MEEEMCCC1?A^u1FEMU/bin/sh

Looks like the red worm. Dunno what you would see, but you shouldn't have to worry unless you are running lpr on a machine exposed to the net. Otherwise, look for an open listening port, modified files...... the usual suspects.

Devdas Bhagat
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
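
Added example, not part of the original thread: a triage script that parses entries in the layout of the quoted /var/adm/messages line and flags requests carrying format-string write directives, so the probes can be counted per host and daemon. The sample lines are constructed (the first two are shortened from the quoted entry), and the indicator names and patterns are assumptions of this example.

```python
import re
from collections import Counter

# Layout of the quoted /var/adm/messages entry:
# "Mon DD HH:MM:SS host tag[pid]: [ID n facility.level] message"
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s(?P<tag>[^\[:\s]+)"
    r"(?:\[(?P<pid>\d+)\])?:\s(?:\[ID\s\d+\s(?P<prio>[\w.]+)\]\s)?(?P<msg>.*)$"
)

# Heuristic patterns (assumptions of this example, not a vendor signature).
INDICATORS = {
    "write_directive": re.compile(r"%(?:\d+\$)?(?:hh?|l)?n"),   # %n, %hn, %300$n
    "padded_conversion": re.compile(r"%\.?\d{2,}[udx]"),        # %.156u
    "shell_path": re.compile(r"/bin/(?:sh|ksh|csh|bash)\b"),
}

def scan_messages(lines):
    """Return a finding for every parsable line whose message has a %n-style write."""
    findings = []
    for line in lines:
        m = LINE.match(line.rstrip("\n"))
        if m is None:
            continue  # continuation or "last message repeated" lines
        hits = sorted(k for k, rx in INDICATORS.items() if rx.search(m["msg"]))
        if "write_directive" in hits:
            findings.append({"ts": m["ts"], "host": m["host"], "tag": m["tag"],
                             "pid": m["pid"], "prio": m["prio"], "indicators": hits})
    return findings

def summarize(findings):
    """Count flagged requests per (host, daemon) to show which service is being probed."""
    return Counter((f["host"], f["tag"]) for f in findings)

# Constructed sample input; the first two lines are shortened from the quoted entry.
SAMPLE = [
    "Jun 24 03:43:02 jim bsd-gw[13276]: [ID 315218 lpr.error] Invalid protocol request (66): BBBXXXX%.156u%300$n%.21u%301$n/bin/sh",
    "Jun 24 03:43:09 jim bsd-gw[13290]: [ID 315218 lpr.error] Invalid protocol request (66): BBBXXXX%.99u%300$n",
    "Jun 24 03:44:10 jim sendmail[401]: [ID 702911 mail.info] AA12345: to=root, stat=Sent",
    "Jun 24 03:45:00 jim ufs: [ID 845546 kern.notice] NOTICE: alloc: /var: file system full",
    "Jun 24 03:45:05 jim last message repeated 3 times",
]

if __name__ == "__main__":
    for f in scan_messages(SAMPLE):
        print(f["ts"], f["host"], f"{f['tag']}[{f['pid']}]", ",".join(f["indicators"]))
    print(dict(summarize(scan_messages(SAMPLE))))
```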