Re: [security-elvandar] "access_log?hello" ?

• Previous message: morning_wood: "Re: Exploit for Windows RPC may be in the wild!"
• In reply to: Remko Lodder: "Re: [security-elvandar] "access_log?hello" ?"
• Next in thread: Remko Lodder: "Re: [security-elvandar] "access_log?hello" ?"
• Next in thread: Dave Paris: "Re: Port 0 packets"
• Reply: Remko Lodder: "Re: [security-elvandar] "access_log?hello" ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-- OM--
From: "Remko Lodder" <remkoat_private>
Subject: Re: [security-elvandar] "access_log?hello" ?
> I dont recognise this as a particular script that is running against
> your host.
> Although it could be a custom made script that just sends a lot of
> characters (or a lot of hello's)
> to your host, trying to overflow it.
>
> My best guess is that it's the overflow option,
> But i am interested now.. so when anyone else has a opinion...

An Overflow to accomplish what? I see no shellcode in that string, Other
then crashing the web server on the other end, what could be its use?  Could
It be a tool to look in the log files of webservers for previous
compromises? http://www.analog.cx/ creates the product that makes the logs
in the /logs/active/ I see no mention of any compromises in thier site.

Sal


---------------------------------------------------------------------------
----------------------------------------------------------------------------

• Next message: tEA-TiME: "Re: Exploit for Windows RPC may be in the wild!"
• Previous message: morning_wood: "Re: Exploit for Windows RPC may be in the wild!"
• In reply to: Remko Lodder: "Re: [security-elvandar] "access_log?hello" ?"
• Next in thread: Remko Lodder: "Re: [security-elvandar] "access_log?hello" ?"
• Next in thread: Dave Paris: "Re: Port 0 packets"
• Reply: Remko Lodder: "Re: [security-elvandar] "access_log?hello" ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jul 28 2003 - 09:58:52 PDT