-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 164-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
September 10th, 2002
Hi all.
While digging through the error.log of my apache I found two lines that
seem to hint toward a new (?) worm. I saw the first one some days ago, too:
[Sat Aug 31 21:03:49 2002] [error] [client 64.152.12.2] request failed:
erroneous characters after protocol string: CONNECT
Sounds like Code Red. We get a lot of these too, and
the Microsoft attacks don't do much to an Apache server :)
-Anne
This one time, Michael Renzmann wrote:
Hi all.
While digging through the error.log of my apache I found two lines that
seem to hint toward a new (?) worm. I saw the first
Hi Anne.
Anne Carasik wrote:
Sounds like Code Red. We get a lot of these too, and
the Microsoft attacks don't do much to an Apache server :)
Ok, thanks for the info. I guess I didn't saw this one by now because
Code Red seems to die more and more, right? :)
Bye, Mike
Hi,
Sorry i know this is off topic but dose anyone know where theres a good
HOW-TO on Seting up SAMBA as a print server ??
there is an online book from oreilly:
http://www.oreilly.com/catalog/samba/chapter/book/index.html
Viele Gruesse
Ralf Dreibrodt
--
Mesos Telefon 49 221
Hello Debians,
- Original Message -
From: Michael Renzmann [EMAIL PROTECTED]
To: debian-security@lists.debian.org
Sent: Tuesday, September 10, 2002 8:35 AM
Subject: suspicious apache log entries
[Sat Aug 31 21:03:49 2002] [error] [client 64.152.12.2] request failed:
erroneous
Hi Andreas.
Andreas Syksa wrote:
I've seen tons of ../script/ and ../cmd.exe's as I've got several
machines with fixed ips.
I also received quite a lot of those requests, although our server is
not official by now, has no domain name (besides an work-around
solution using dyndns during the
* Michael Renzmann ([EMAIL PROTECTED]) [020910 02:55]:
Phillip Hofmeister stated that one could use the Nimda backdoor on the
server that connects our server to setup a warning message on the
attacking computer's desktop. I think this is a great idea, but I have
not been able to track down
Hi.
Vineet Kumar wrote:
Phillip Hofmeister stated that one could use the Nimda backdoor on the
server that connects our server to setup a warning message on the
attacking computer's desktop.
If you do, be prepared to go to jail...
For what reason? For telling stupid webserver
* Michael Renzmann ([EMAIL PROTECTED]) [020910 03:12]:
Hi.
Vineet Kumar wrote:
Phillip Hofmeister stated that one could use the Nimda backdoor on the
server that connects our server to setup a warning message on the
attacking computer's desktop.
If you do, be prepared to go to jail...
Hi
Phillip Hofmeister is right. This tool exists.
We used this at our companies network (a bigger one, some 100'000 users ;-).
All those Frontpage or I don't know what the hell they're using users with
iis and nimda on it, were difficult to track down. Of course we tried to
warn them before
On Tue 10 Sep Marcel Weber wrote:
So a little program called Silver bullet got developed. I think it
run even on Linux. When a backdoored server tried to contact the
silver bullet server, it got shot down by this script using nimda's
backdoor. I window popped up on the attacking machine and
[Sat Aug 31 21:03:49 2002] [error] [client 64.152.12.2] request failed:
erroneous characters after protocol string: CONNECT
mailb.microsoft.com:25 / HTTP/1.0
open proxy probe, standard Internet crapola,
http://www.monkeys.com/security/proxies/
Jamie Heilman wrote:
[Sat Aug 31 21:03:49 2002] [error] [client 64.152.12.2] request failed:
erroneous characters after protocol string: CONNECT
mailb.microsoft.com:25 / HTTP/1.0
open proxy probe, standard Internet crapola,
http://www.monkeys.com/security/proxies/
Hmm, ok it appears
On Tue, Sep 10, 2002 at 03:28:42AM -0700, Vineet Kumar wrote:
* Michael Renzmann ([EMAIL PROTECTED]) [020910 03:12]:
Hi.
Vineet Kumar wrote:
Phillip Hofmeister stated that one could use the Nimda backdoor on the
server that connects our server to setup a warning message on the
Hi Marcel.
Marcel Weber wrote:
Why not introduce an
official Internet Security Team that officially has the right to do such
things. It would be for the good of the net! They could be a part of the
ICANN or UNO or whoever.
I don't think this would be successful. It's a great idea, no doubt
Hi.
Doug Winter wrote:
It claimed that the HTTP libraries used by Nimda and Code Red were
generic, and could be fooled by sending a redirect response like:
Location: http://127.0.0.1/
Nice idea. Would it be enough to redirect them to the localhost-ip, or
should the URI of the original
Hello!
I have done a script against nimda and other undesiderable access to my server,
http://ainulindale.homeunix.org/~carlos/scripts/cortafuegos/
Whath do you think about that?
best regards:
Carlos
Has anyone seen some Anti-Nimda/Code Red beside
* Quoting Erik Rossen ([EMAIL PROTECTED]):
Imagine instead a car that is always unlocked and is used nightly by
hooligans when they go joy-riding.
That's why leaving a car unlocked is illegal in
Germany. On the other hand, you still need the key
to start it and a hooligan wouldn't mind braking
* Erik Rossen ([EMAIL PROTECTED]) [020910 04:51]:
On Tue, Sep 10, 2002 at 03:28:42AM -0700, Vineet Kumar wrote:
As the law is concerned, this is like telling people they've left their
front door unlocked by inviting yourself in and taking a dump on their
couch. It's not yours, and you have
On Tue, Sep 10, 2002 at 12:43:10PM +0300, Marcel Weber wrote:
Well, but you're right: This is a beautyful tool on a companies network. But
if used on the internet, there could be legal issues. Why not introduce an
official Internet Security Team that officially has the right to do such
things.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
'nod', agreed Geoff.
Sincerely,
Daniel J. Rychlik
Money does not make the world go round , Gravity does .
- -Original Message-
From: Geoff Crompton [mailto:[EMAIL PROTECTED] On Behalf Of Geoff
Crompton
Sent: Tuesday, September 10,
Thanks to those who replied. I now have somewhere to start :)
Marcel
On Tue, 2002-09-10 at 16:16, Ralf Dreibrodt wrote:
Hi,
Sorry i know this is off topic but dose anyone know where theres a good
HOW-TO on Seting up SAMBA as a print server ??
there is an online book from oreilly:
Hello all,
The bug 155419 opened 37 days old point to a serious security issue with
postgres
as i can lead to DOS from local users or worst, make non-serious SQL / perl /
php
bugs worst (from non exploitable to DOS capable). As far as i can see, Oliver
tried
to upload 7.2.2-X in woody and i
24 matches
Mail list logo