RE: massive lpr exploit attempt

From: Andy Duncan (andyduncanat_private)
Date: Wed Jun 27 2001 - 04:51:44 PDT


    Me Too! Except mine are coming-in in pairs:
    
    Jun 24 07:33:47 : Packet log: ext-in DENY eth1 PROTO=6
    147.171.132.7:3722 62.49.x.x:515 L=60 S=0x00 I=58098
    F=0x4000 T=47 SYN (#38)
    Jun 24 07:33:50 : Packet log: ext-in DENY eth1 PROTO=6
    147.171.132.7:3722 62.49.x.x:515 L=60 S=0x00 I=60521
    F=0x4000 T=47 SYN (#38)
    Jun 25 04:45:44 : Packet log: ext-in DENY eth1 PROTO=6
    61.144.234.235:2570 62.49.x.x:515 L=60 S=0x00 I=1958
    F=0x4000 T=43 SYN (#38)
    Jun 25 04:45:47 : Packet log: ext-in DENY eth1 PROTO=6
    61.144.234.235:2570 62.49.x.x:515 L=60 S=0x00 I=4186
    F=0x4000 T=43 SYN (#38)
    Jun 25 04:59:22 : Packet log: ext-in DENY eth1 PROTO=6
    140.148.2.222:2928 62.49.x.x:515 L=60 S=0x00 I=30733
    F=0x4000 T=43 SYN (#38)
    Jun 25 04:59:25 : Packet log: ext-in DENY eth1 PROTO=6
    140.148.2.222:2928 62.49.x.x:515 L=60 S=0x00 I=32876
    F=0x4000 T=43 SYN (#38)
    Jun 25 05:18:52 : Packet log: ext-in DENY eth1 PROTO=6
    168.77.43.66:4225 62.49.x.x:515 L=60 S=0x00 I=10561
    F=0x4000 T=51 SYN (#38)
    Jun 25 05:18:54 : Packet log: ext-in DENY eth1 PROTO=6
    168.77.43.66:4225 62.49.x.x:515 L=60 S=0x00 I=11727
    F=0x4000 T=51 SYN (#38)
    Jun 26 11:04:18 : Packet log: ext-in DENY eth1 PROTO=6
    211.23.6.234:4110 62.49.x.x:515 L=60 S=0x00 I=26475
    F=0x4000 T=46 SYN (#38)
    Jun 26 11:04:22 : Packet log: ext-in DENY eth1 PROTO=6
    211.23.6.234:4110 62.49.x.x:515 L=60 S=0x00 I=28649
    F=0x4000 T=46 SYN (#38)
    Jun 26 11:24:21 : Packet log: ext-in DENY eth1 PROTO=6
    207.105.204.223:4519 62.49.x.x:515 L=60 S=0x00 I=43037
    F=0x4000 T=49 SYN (#38)
    Jun 26 11:24:24 : Packet log: ext-in DENY eth1 PROTO=6
    207.105.204.223:4519 62.49.x.x:515 L=60 S=0x00 I=45133
    F=0x4000 T=49 SYN (#38)
    
    
    BTW, is there an accepted format for wrapping/anonymizing packet
    logs?  I'm not completely happy with the above.
    
    > -----Original Message-----
    > From: Andrew Doran [mailto:a.doranat_private]
    > Sent: 26 June 2001 20:09
    > To: incidentsat_private
    > Subject: RE: massive lpr exploit attempt
    > 
    > 
    > I got one too...
    > Jun 25 15:11:06 : Packet log: input REJECT eth0 PROTO=6 
    > 210.102.23.70:4902
    > aaa.bbb.ccc.ddd.eee:111 L=60 S=0x00 I=28779 F=0x4000 T=49 SYN (#8)
    > 
    > 
    
    
    ----------------------------------------------------------------------------
    
    
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see:
    
    http://aris.securityfocus.com
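Added example (not part of the original message or of any list tooling): one way to approach the wrapping/anonymizing question above, in Python. It rejoins wrapped ipchains "Packet log" records, masks the last two octets of the destination as the poster did, and collapses repeats from the same source address and port within a few seconds, a pattern consistent with TCP SYN retransmission. The sample addresses, the 10-second window and the year are assumptions.

```python
import re
from datetime import datetime

# Constructed sample (documentation addresses), wrapped the way a mail client would.
SAMPLE = """\
Jun 24 07:33:47 : Packet log: ext-in DENY eth1 PROTO=6
192.0.2.7:3722 203.0.113.20:515 L=60 S=0x00 I=58098
F=0x4000 T=47 SYN (#38)
Jun 24 07:33:50 : Packet log: ext-in DENY eth1 PROTO=6
192.0.2.7:3722 203.0.113.20:515 L=60 S=0x00 I=60521
F=0x4000 T=47 SYN (#38)
Jun 25 15:11:06 : Packet log: input REJECT eth0 PROTO=6
198.51.100.70:4902
203.0.113.20:111 L=60 S=0x00 I=28779 F=0x4000 T=49 SYN (#8)
"""
START = re.compile(r"\w{3} +\d+ \d\d:\d\d:\d\d ")  # syslog timestamp opens a record
REC = re.compile(r"(?P<ts>\w{3} +\d+ [\d:]{8}) .*?Packet log: (?P<chain>\S+) "
                 r"(?P<target>\S+) \S+ PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) "
                 r"(?P<dst>[\w.]+):(?P<dport>\d+) .*?\(#(?P<rule>\d+)\)")

def unwrap(text):
    """Rejoin records that were broken across lines."""
    records = []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        if START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def mask(ip):
    """Keep the first two octets only, as in 62.49.x.x."""
    return ".".join(ip.split(".")[:2] + ["x", "x"])

def summarize(text, window=10, year=2001):
    """One row per connection attempt; repeats within `window` seconds are counted."""
    flows, last = [], {}
    for m in filter(None, map(REC.search, unwrap(text))):
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = (m["src"], m["sport"], m["dst"], m["dport"])
        prev = last.get(key)
        if prev and (ts - prev["last"]).total_seconds() <= window:
            prev["packets"] += 1
            prev["last"] = ts
            continue
        last[key] = {"first": ts, "last": ts, "src": m["src"], "dst": mask(m["dst"]),
                     "dport": int(m["dport"]), "target": m["target"], "packets": 1}
        flows.append(last[key])
    return flows

if __name__ == "__main__":
    for f in summarize(SAMPLE):
        print(f["first"], f["src"], "->", f"{f['dst']}:{f['dport']}", f["target"], f"x{f['packets']}")
```

Source addresses are left unmasked, as in the posted logs; only the reporter's own address is hidden.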
    



    This archive was generated by hypermail 2b30 : Wed Jun 27 2001 - 18:16:11 PDT