Hi,

in the last few days i got several requests on my firewall box like:

Apr 4 17:22:58 router kernel: Packet log: input DENY ippp0 PROTO=6 xxx.xxx.xxx.xxx::3737 xxx.xxx.xxx.xxx:515 L=60 S=0x00 I=21162 F=0x4000 T=48 SYN (#37)

what the hell is that? in /etc/services i found:

printer 515/udp # spooler

so is someone trying to "print" something on my printer or what???

Jan

newtention technologies gmbh // rathausallee 72-76 // 22846 norderstedt
mailto: jan@newtention.de // http://www.newtention.de
phone: 040-5 54 45 89 - 3 // mobil: 0178-4777948 // fax: 040-5 54 45 89 - 9
-----
The day Microsoft makes something that doesn't suck, is probably the day Microsoft starts making vacuum cleaners.

> in the last few days i got several requests on my firewall box like:
> Apr 4 17:22:58 router kernel: Packet log: input DENY ippp0 PROTO=6 xxx.xxx.xxx.xxx::3737 xxx.xxx.xxx.xxx:515 L=60 S=0x00 I=21162 F=0x4000 T=48 SYN (#37)
> what the hell is that? in /etc/services i found:
> printer 515/udp # spooler
> so is someone trying to "print" something on my printer or what???
Yes... lprng of other distributions was susceptible to some security-related bugs. You may have been attacked, but it's good practice that you use some packet filter. :-/
> Jan

Thanks,
Roman.
--
| Roman Drahtmüller <draht@suse.de> // "Caution: Cape does
| SuSE GmbH - Security Phone: // not enable user to fly."
| Nürnberg, Germany +49-911-740530 // (Batman Costume warning label)

> Yes... lprng of other distributions was susceptible to some security-related bugs. You may have been attacked, but it's good practice that you use some packet filter. :-/

hmm... i thought about something like that. I just wondered what kind of attack that might be.

Jan

hi jan,

i had the same behaviour for some days in my logs and i thought about getting scanned by the "adore worm" perhaps. see http://www.sans.org/y2k/adore.htm

maybe our logs are an indicator for the existence of it...;-) i don't know!

bye, daniel

Jan Räther wrote:
>> Yes... lprng of other distributions was susceptible to some security-related bugs. You may have been attacked, but it's good practice that you use some packet filter. :-/
> hmm... i thought about something like that. I just wondered what kind of attack that might be.
> Jan
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com

On Wed, 4 Apr 2001, Jan Räther wrote:
> Hi,
> in the last few days i got several requests on my firewall box like:
> Apr 4 17:22:58 router kernel: Packet log: input DENY ippp0 PROTO=6 xxx.xxx.xxx.xxx::3737 xxx.xxx.xxx.xxx:515 L=60 S=0x00 I=21162 F=0x4000 T=48 SYN (#37)
> what the hell is that? in /etc/services i found:
> printer 515/udp # spooler
> so is someone trying to "print" something on my printer or what???
> Jan

Yeah my friend. Someone is trying to print on your printer. It is always like this on my server. I have ipchains with -l and I can see it.

> Yeah my friend. Someone is trying to print on your printer. It is always like this on my server. I have ipchains with -l and I can see it.

hmm... just wondering what they try to print.... maybe something like: h3y 5uck3r, 1 0wn j00! ;-)))

Jan

No, this is a new worm that is currently doing the rounds. It first scans for all the common vulnerabilities.

On Wed, 4 Apr 2001, Jan Räther wrote:
> Hi,
> in the last few days i got several requests on my firewall box like:
> Apr 4 17:22:58 router kernel: Packet log: input DENY ippp0 PROTO=6 xxx.xxx.xxx.xxx::3737 xxx.xxx.xxx.xxx:515 L=60 S=0x00 I=21162 F=0x4000 T=48 SYN (#37)
> what the hell is that? in /etc/services i found:
> printer 515/udp # spooler
> so is someone trying to "print" something on my printer or what???
> Jan
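
The logged line in this thread can be decoded field by field: PROTO=6 is the IP protocol number for TCP, and the SYN flag marks a new connection attempt to port 515. As an added example (not part of any message in the thread), this Python sketch parses ipchains `-l` lines in the format shown above and counts SYN probes to the printer port per source; all sample lines except the thread's own redacted one are constructed, using documentation addresses.

```python
import re
from collections import Counter

# ipchains -l format, as in the thread:
# Packet log: <chain> <action> <iface> PROTO=<n> <src>:<sport> <dst>:<dport> L= S= I= F= T= [SYN] (#rule)
LINE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>\S+?):+(?P<sport>\d+) (?P<dst>\S+?):+(?P<dport>\d+) (?P<rest>.*)$"
)
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}  # IP protocol numbers


def parse(line):
    """Return the fields of one ipchains log line as a dict, or None if it is not one."""
    m = LINE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["proto"] = PROTO_NAMES.get(int(rec["proto"]), rec["proto"])
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    rec["syn"] = "SYN" in rec.pop("rest").split()  # flag only appears on TCP SYN packets
    return rec


def lpd_probes(lines, port=515):
    """Count TCP connection attempts (SYN) to the printer port, per source address."""
    hits = Counter()
    for rec in filter(None, map(parse, lines)):
        if rec["proto"] == "tcp" and rec["dport"] == port and rec["syn"]:
            hits[rec["src"]] += 1
    return hits


# The thread's line as posted (redacted, with its doubled colon).
THREAD_LINE = ("Apr 4 17:22:58 router kernel: Packet log: input DENY ippp0 PROTO=6 "
               "xxx.xxx.xxx.xxx::3737 xxx.xxx.xxx.xxx:515 L=60 S=0x00 I=21162 F=0x4000 T=48 SYN (#37)")
# Constructed sample lines (documentation addresses), plus the thread's line.
PFX = "Apr 4 17:20:01 router kernel: Packet log: input DENY ippp0 "
SAMPLE = [
    PFX + "PROTO=6 192.0.2.10:3735 198.51.100.1:515 L=60 S=0x00 I=21160 F=0x4000 T=48 SYN (#37)",
    PFX + "PROTO=6 192.0.2.10:3736 198.51.100.1:515 L=60 S=0x00 I=21161 F=0x4000 T=48 SYN (#37)",
    PFX + "PROTO=17 192.0.2.44:1026 198.51.100.1:515 L=78 S=0x00 I=4021 F=0x0000 T=52 (#37)",
    PFX + "PROTO=6 203.0.113.7:80 198.51.100.1:1044 L=40 S=0x00 I=900 F=0x4000 T=50 (#37)",
    THREAD_LINE,
]

if __name__ == "__main__":
    for src, n in lpd_probes(SAMPLE).most_common():
        print(f"{src}: {n} SYN probe(s) to 515/tcp")
```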

participants (5)
- Daniel Quappe
- Hipolito A. Gonzalez M.
- Jan Räther
- Roman Drahtmueller
- semat