[unisog] Previous Thread on Increased Probes

Andreas Östling andreaso at it.su.se
Fri Jul 23 18:50:30 GMT 2004


I can't really tell from your logs what it is, but we see that almost 
every single scan of 23/tcp is followed by attempts at exploiting
the old Solaris TTYPROMPT buffer overflow 
(http://www.securityfocus.com/bid/5531/). It can generate quite a few 
packets against each target host.

/Andreas


On Fri, 23 Jul 2004, Lois Lehman wrote:

> Sorry to bring this up again but a colleague at another university has
> asked me if anyone has seen a recent flood of attacks on their address
> space similar to what he experienced a couple of weeks ago.  I remember
> there was some talk, maybe on this list, about seeing incoming packets
> from many sources with numbers near a thousand.  But in cleaning out my
> Inbox after a vacation, I must have deleted that information.
> 
> Here is a sample of some of the traffic from one source found in his
> logs:
> 
> Jul  9 21:21:54 gateway 1305838: 2d14h: %SEC-6-IPACCESSLOGP: list 120
> permitted tcp 68.100.46.121(41085) -> xxx.xxx.2.10(23), 1 packet
...
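
An added example, not part of the original post or of either correspondent's tooling: one way to sift Cisco `%SEC-6-IPACCESSLOGP` lines like the one quoted above, separating sources that only probe 23/tcp from those that go on to send many packets to a host. The addresses, the sample lines, the function names and the `followup_threshold` value are constructed assumptions.

```python
import re
from collections import defaultdict

# Cisco IOS ACL log message, in the format quoted in the mail above.
# Addresses are matched loosely so redacted ones (xxx.xxx.2.10) still parse.
ACL_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\w+) (?P<src>[\w.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\w.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

# Constructed sample lines (documentation address ranges, not real traffic).
PREFIX = ("Jul  9 21:21:54 gateway 1305838: 2d14h: "
          "%SEC-6-IPACCESSLOGP: list 120 permitted tcp ")
SAMPLE = [
    PREFIX + "198.51.100.7(41085) -> 192.0.2.10(23), 1 packet",
    PREFIX + "198.51.100.7(41086) -> 192.0.2.11(23), 1 packet",
    PREFIX + "198.51.100.7(41090) -> 192.0.2.10(23), 14 packets",
    PREFIX + "203.0.113.9(3301) -> 192.0.2.10(23), 1 packet",
    PREFIX + "203.0.113.9(3302) -> 192.0.2.10(80), 9 packets",
    "Jul  9 21:22:01 gateway 1305839: 2d14h: unrelated message",
]

def telnet_activity(lines, port=23):
    """Return {src: {dst: packets}} for logged tcp traffic to `port`."""
    seen = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = ACL_RE.search(line)
        if m and m["proto"] == "tcp" and int(m["dport"]) == port:
            seen[m["src"]][m["dst"]] += int(m["count"])
    return seen

def classify(seen, followup_threshold=5):
    """Summarise each source; list hosts that got more than a bare probe.

    followup_threshold is an assumed cut-off, to be tuned per site.
    """
    report = {}
    for src, dsts in seen.items():
        heavy = sorted(d for d, n in dsts.items() if n >= followup_threshold)
        report[src] = {"hosts": len(dsts),
                       "packets": sum(dsts.values()),
                       "followup_hosts": heavy}
    return report

if __name__ == "__main__":
    for src, info in classify(telnet_activity(SAMPLE)).items():
        print(src, info)
```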


