Security Incidents mailing list archives

RE: massive lpr exploit attempt


From: Andy Duncan <andyduncan () motives co uk>
Date: Wed, 27 Jun 2001 12:51:44 +0100

Me too! Except mine are coming in in pairs:

Jun 24 07:33:47 : Packet log: ext-in DENY eth1 PROTO=6
147.171.132.7:3722 62.49.x.x:515 L=60 S=0x00 I=58098
F=0x4000 T=47 SYN (#38)
Jun 24 07:33:50 : Packet log: ext-in DENY eth1 PROTO=6
147.171.132.7:3722 62.49.x.x:515 L=60 S=0x00 I=60521
F=0x4000 T=47 SYN (#38)
Jun 25 04:45:44 : Packet log: ext-in DENY eth1 PROTO=6
61.144.234.235:2570 62.49.x.x:515 L=60 S=0x00 I=1958
F=0x4000 T=43 SYN (#38)
Jun 25 04:45:47 : Packet log: ext-in DENY eth1 PROTO=6
61.144.234.235:2570 62.49.x.x:515 L=60 S=0x00 I=4186
F=0x4000 T=43 SYN (#38)
Jun 25 04:59:22 : Packet log: ext-in DENY eth1 PROTO=6
140.148.2.222:2928 62.49.x.x:515 L=60 S=0x00 I=30733
F=0x4000 T=43 SYN (#38)
Jun 25 04:59:25 : Packet log: ext-in DENY eth1 PROTO=6
140.148.2.222:2928 62.49.x.x:515 L=60 S=0x00 I=32876
F=0x4000 T=43 SYN (#38)
Jun 25 05:18:52 : Packet log: ext-in DENY eth1 PROTO=6
168.77.43.66:4225 62.49.x.x:515 L=60 S=0x00 I=10561
F=0x4000 T=51 SYN (#38)
Jun 25 05:18:54 : Packet log: ext-in DENY eth1 PROTO=6
168.77.43.66:4225 62.49.x.x:515 L=60 S=0x00 I=11727
F=0x4000 T=51 SYN (#38)
Jun 26 11:04:18 : Packet log: ext-in DENY eth1 PROTO=6
211.23.6.234:4110 62.49.x.x:515 L=60 S=0x00 I=26475
F=0x4000 T=46 SYN (#38)
Jun 26 11:04:22 : Packet log: ext-in DENY eth1 PROTO=6
211.23.6.234:4110 62.49.x.x:515 L=60 S=0x00 I=28649
F=0x4000 T=46 SYN (#38)
Jun 26 11:24:21 : Packet log: ext-in DENY eth1 PROTO=6
207.105.204.223:4519 62.49.x.x:515 L=60 S=0x00 I=43037
F=0x4000 T=49 SYN (#38)
Jun 26 11:24:24 : Packet log: ext-in DENY eth1 PROTO=6
207.105.204.223:4519 62.49.x.x:515 L=60 S=0x00 I=45133
F=0x4000 T=49 SYN (#38)


BTW, is there an accepted format for wrapping/anonymizing packet
logs?  I'm not completely happy with the above.

-----Original Message-----
From: Andrew Doran [mailto:a.doran () mosierfluidpower com]
Sent: 26 June 2001 20:09
To: incidents () securityfocus com
Subject: RE: massive lpr exploit attempt


I got one too...
Jun 25 15:11:06 : Packet log: input REJECT eth0 PROTO=6 
210.102.23.70:4902
aaa.bbb.ccc.ddd.eee:111 L=60 S=0x00 I=28779 F=0x4000 T=49 SYN (#8)




----------------------------------------------------------------------------


This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see:

http://aris.securityfocus.com

