Re: FW: [SLUG] Possible hacker Attempt

2005-04-07 Thread Gottfried Szing
Phill wrote: What is AFAIR AFAIK this means As Far As I Remember ;) cu, gottfried -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: FW: [SLUG] Possible hacker Attempt

2005-04-07 Thread Ken Foskey
On Thu, 2005-04-07 at 09:22 +1000, Phill wrote: OK. I did a bit of reading on the subject. Linux can be vulnerable to buffer overrun attacks can't it? If not, why not? Absolutely. Everything can be susceptible to these attacks if they are written in a language that allows it, typically C.

Re: FW: [SLUG] Possible hacker Attempt

2005-04-06 Thread Howard Lowndes
Phill wrote: I am also curious. How does this attack work? I understand the idea of filling up a buffer with junk but then As Gottfried said, on Linux it doesn't work, but on IIS it causes a buffer overflow which then allows uncontrolled access for the exploit - or something like that - I

RE: FW: [SLUG] Possible hacker Attempt

2005-04-06 Thread Visser, Martin
Cc: slug@slug.org.au Subject: Re: FW: [SLUG] Possible hacker Attempt Phill wrote: I am also curious. How does this attack work? I understand the idea of filling up a buffer with junk but then As Gottfried said, on Linux it doesn't work, but on IIS it causes a buffer overflow which

Re: FW: [SLUG] Possible hacker Attempt

2005-04-06 Thread Howard Lowndes
attacks can't it? If not, why not? Regards, Phill -Original Message- From: Howard Lowndes [mailto:[EMAIL PROTECTED] Sent: Thursday, 7 April 2005 7:30 AM To: Phill Cc: slug@slug.org.au Subject: Re: FW: [SLUG] Possible hacker Attempt Phill wrote: I am also curious. How does this attack work? I

Re: FW: [SLUG] Possible hacker Attempt

2005-04-06 Thread telford
On Thu, Apr 07, 2005 at 09:48:48AM +1000, Howard Lowndes wrote: My bad. Of course Linux apps can be just as badly written as M$ apps and can have buffer overflows. What I should have said is that this attempt at a buffer over flow does not affect Apache. Whilst Linux apps can be badly

Re: FW: [SLUG] Possible hacker Attempt

2005-04-06 Thread Howard Lowndes
Tks Tel, that is a brilliant explanation for someone like me who doesn't know C from Z :) [EMAIL PROTECTED] wrote: On Thu, Apr 07, 2005 at 09:48:48AM +1000, Howard Lowndes wrote: My bad. Of course Linux apps can be just as badly written as M$ apps and can have buffer overflows. What I should

Re: FW: [SLUG] Possible hacker Attempt

2005-04-06 Thread Grant Parnell - slug
On Thu, 7 Apr 2005, Phill wrote: I am also curious. How does this attack work? I understand the idea of filling up a buffer with junk but then Basically a snapshot of a bit of memory might look like this after processing the URL http://localhost/cgi-bin/?HELLO-WORLD byte: content: