On Fri, 29 Jun 2001, Mark Hollow spewed into the ether: > Any help you can give me would be appreciated. > > I've a Sun Netra X1 (Solaris 8) with a /var/adm/messages file full of these > messages at frequent but irregular intervals (approx every 5-10 seconds for > several hours). > > Jun 24 03:43:02 jim bsd-gw[13276]: [ID 315218 lpr.error] Invalid protocol r > equest (66): > BBBXXXXXXXXXXXXXXXXXX%.156u%300$n%.21u%301$nsecurity%302$n%.192u%30 > 3$n111F1f1C]C]KMM1ECf]fE'MEEEMCCC1?A^u1FEMU/bin/sh Looks like the red worm. dunno what you would see, but you shouldn't have to worry unless you are running lpr on am machine exposed to the net. Otherwise, look for an open listening port, modified files...... the usual suspects. Devdas Bhagat ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sat Jun 30 2001 - 08:56:13 PDT