> deb http://security.debian.org/debian-security potato/updates main contrib non-free
> deb http://security.debian.org/debian-non-US potato/non-US main contrib non-free
> deb http://security.debian.org potato/updates main contrib non-free
Someone administering the www.debian.org security
On Thu, Jul 19, 2001 at 08:43:43PM -0500, xbud wrote:
> 'Nicely' probably isn't a preferred word but you all know what I mean.
>
> Here are some numbers.
Is this thing known to point itself at the private IP blocks?, i.e.
# 10.0.0.0 10.255.255.255
# 172.16.0.0 172.31.255.255
# 192.168.
'Nicely' probably isn't a preferred word but you
all know what I mean.
Here are some numbers.
- Snip -
[EMAIL PROTECTED]:~$ cat /var/log/boa/access_log | grep /default.ida | cut -f1-4 -d ' '
bla.bla.bla.bla - - [19/Jul/2001:16:18:23
bla.bla.bla.bla - - [19/Jul/2001:16:4
I'm sure that most of us have seen this by now in our logs:
> xxx.xxx.xxx.xxx - - [19/Jul/2001:14:28:23 -0400] "GET
> /default.ida?NNN
>
> N
Welcome to the wonderful world of the new IIS exploit
> Anyone seen this before? I have looked around for similar attacks, but
> cannot find any info. I assume that is a unicode string padded out with
> Ns. How would I go about finding out what is in the string?
>
>
> xxx.xxx.xxx.xxx - - [19/
On Thu, 19 Jul 2001, Brian Rectanus wrote:
> Anyone seen this before? I have looked around for similar attacks, but
> cannot find any info. I assume that is a unicode string padded out with
> Ns. How would I go about finding out what is in the string?
>
>
> xxx.xxx.xxx.xxx - - [19/Jul/2001:14:2
On Thu, Jul 19, 2001 at 05:17:26PM -0400, Brian Rectanus wrote:
> xxx.xxx.xxx.xxx - - [19/Jul/2001:14:28:23 -0400] "GET
> /default.ida?NNN
>
> NNN
> "Brian" == Brian Rectanus <[EMAIL PROTECTED]> writes:
Brian> Anyone seen this before? I have looked around for similar
Brian> attacks, but cannot find any info. I assume that is a
Brian> unicode string padded out with Ns. How would I go about
Brian> finding out what is in
Brian Rectanus <[EMAIL PROTECTED]> writes:
> Anyone seen this before? I have looked around for similar attacks, but
> cannot find any info. I assume that is a unicode string padded out with
> Ns. How would I go about finding out what is in the stri
On Thu, Jul 19, 2001 at 05:17:26PM -0400, Brian Rectanus wrote:
> Anyone seen this before? I have looked around for similar attacks, but
> cannot find any info. I assume that is a unicode string padded out with
> Ns. How would I go about finding out what is in the string?
>
>
> xxx.xxx.xxx.xxx
> Anyone seen this before?
[snip]
This is the IIS worm 'Code Red'. See Bugtraq archives at the following URI
for a full analysis:
http://www.securityfocus.com/templates/archive.pike?fromthread=0&list=1&start=2001-07-15&threads=0&mid=197828&end=2001-07-21&
I've seen about 20 or so requests for t
> "Brian" == Brian Rectanus <[EMAIL PROTECTED]> writes:
Brian> Anyone seen this before? I have looked around for similar
Brian> attacks, but cannot find any info. I assume that is a unicode
Brian> string padded out with Ns. How would I go about
It's an IIS worm
Have a lookie
http://www.eeye.com/html/Research/Advisories/AL20010717.html
/dg
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Friday, 20 July 2001 7:17 AM
To: debian-security@lists.debian.org
Subject: CGI Buffer Overflow?
Anyone seen this b
Hi
On Thu, Jul 19, 2001 at 05:17:26PM -0400, Brian Rectanus wrote:
> xxx.xxx.xxx.xxx - - [19/Jul/2001:14:28:23 -0400] "GET
> /default.ida?NNN
>
> NNN
'Nicely' probably isn't a preferred word but you
all know what I mean.
Here are some numbers.
- Snip -
xbud@natas:~$ cat /var/log/boa/access_log | grep /default.ida | cut -f1-4 -d ' '
bla.bla.bla.bla - - [19/Jul/2001:16:18:23
bla.bla.bla.bla - - [19/Jul/2001:16:48:16
bla
Good point. That works nicely - thanks!
At 09:57 PM 7/19/2001 +, Thomas Poindessous wrote:
[EMAIL PROTECTED] (Eric N. Valor) writes:
> I know this doesn't really belong on the security list, but that's where
> this thread started. I thought I'd toss in my $.02 and bring attention to
Anyone seen this before? I have looked around for similar attacks, but
cannot find any info. I assume that is a unicode string padded out with
Ns. How would I go about finding out what is in the string?
xxx.xxx.xxx.xxx - - [19/Jul/2001:14:28:23 -0400] "GET
/default.ida?
> "Brian" == Brian Rectanus <[EMAIL PROTECTED]> writes:
Brian> Anyone seen this before? I have looked around for similar
Brian> attacks, but cannot find any info. I assume that is a
Brian> unicode string padded out with Ns. How would I go about
Brian> finding out what is in
Brian Rectanus <[EMAIL PROTECTED]> writes:
> Anyone seen this before? I have looked around for similar attacks, but
> cannot find any info. I assume that is a unicode string padded out with
> Ns. How would I go about finding out what is in the str
On Thu, Jul 19, 2001 at 05:17:26PM -0400, Brian Rectanus wrote:
> Anyone seen this before? I have looked around for similar attacks, but
> cannot find any info. I assume that is a unicode string padded out with
> Ns. How would I go about finding out what is in the string?
>
>
> xxx.xxx.xxx.xx
I'm sure that most of us have seen this by now in our logs:
> xxx.xxx.xxx.xxx - - [19/Jul/2001:14:28:23 -0400] "GET
> /default.ida?NNN
>
>
Welcome to the wonderful world of the new IIS exploit
> Anyone seen this before? I have looked around for similar attacks, but
> cannot find any info. I assume that is a unicode string padded out with
> Ns. How would I go about finding out what is in the string?
>
>
> xxx.xxx.xxx.xxx - - [19
> Anyone seen this before?
[snip]
This is the IIS worm 'Code Red'. See Bugtraq archives at the following URI
for a full analysis:
http://www.securityfocus.com/templates/archive.pike?fromthread=0&list=1&start=2001-07-15&threads=0&mid=197828&end=2001-07-21&
I've seen about 20 or so requests for
[EMAIL PROTECTED] (Eric N. Valor) writes:
> I know this doesn't really belong on the security list, but that's where
> this thread started. I thought I'd toss in my $.02 and bring attention to
> a broken deb-src address in out-of-box /etc/apt/sources.list file:
>
> deb-src http://non-u
> "Brian" == Brian Rectanus <[EMAIL PROTECTED]> writes:
Brian> Anyone seen this before? I have looked around for similar
Brian> attacks, but cannot find any info. I assume that is a unicode
Brian> string padded out with Ns. How would I go abou
It's an IIS worm
Have a lookie
http://www.eeye.com/html/Research/Advisories/AL20010717.html
/dg
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, 20 July 2001 7:17 AM
To: [EMAIL PROTECTED]
Subject: CGI Buffer Overflow?
Anyone seen this before? I hav
Hi
On Thu, Jul 19, 2001 at 05:17:26PM -0400, Brian Rectanus wrote:
> xxx.xxx.xxx.xxx - - [19/Jul/2001:14:28:23 -0400] "GET
> /default.ida?NNN
>
> NN
On Thu, 19 Jul 2001, Brian Rectanus wrote:
> Anyone seen this before? I have looked around for similar attacks, but
> cannot find any info. I assume that is a unicode string padded out with
> Ns. How would I go about finding out what is in the string?
>
>
> xxx.xxx.xxx.xxx - - [19/Jul/2001:14:
On Thu, Jul 19, 2001 at 05:17:26PM -0400, Brian Rectanus wrote:
> xxx.xxx.xxx.xxx - - [19/Jul/2001:14:28:23 -0400] "GET
> /default.ida?NNN
>
> NN
Anyone seen this before? I have looked around for similar attacks, but
cannot find any info. I assume that is a unicode string padded out with
Ns. How would I go about finding out what is in the string?
xxx.xxx.xxx.xxx - - [19/Jul/2001:14:28:23 -0400] "GET
/default.ida?NNN
I know this doesn't really belong on the security list, but that's where
this thread started. I thought I'd toss in my $.02 and bring attention to
a broken deb-src address in out-of-box /etc/apt/sources.list file:
deb-src http://non-us.debian.org/debian-non-US stable non-US
should actually
At 16:42 19.07.01, you wrote:
> What might be the URL/apt-get sources.list line for security fixes of
>the non-US packages?
Taken from the latest
Debian Weekly News - July 18th, 2001
Newbie Tip-of-the-week Are you security-conscious? Good! Here's how
you can use apt-get to keep your potato syst
[EMAIL PROTECTED] (Eric N. Valor) writes:
> I know this doesn't really belong on the security list, but that's where
> this thread started. I thought I'd toss in my $.02 and bring attention to
> a broken deb-src address in out-of-box /etc/apt/sources.list file:
>
> deb-src http://non-
according to
http://www.debian.org/doc/manuals/securing-debian-howto/ch3.html#s-update
it's
deb http://security.debian.org/debian-non-US stable/non-US main contrib non-free
g phil
On Thu, Jul 19, 2001 at 05:42:00PM +0300, Juha Jäykkä wrote:
> What might be the URL/apt-get sources.list line for
On Thu, Jul 19, 2001 at 05:42:00PM +0300, Juha Jäykkä wrote:
> What might be the URL/apt-get sources.list line for security fixes of
> the non-US packages?
deb http://security.debian.org/debian-non-US potato/non-US main contrib non-free
Jean
At 16:42 19.07.01, you wrote:
> What might be the URL/apt-get sources.list line for security fixes of
>the non-US packages?
Taken from the latest
Debian Weekly News - July 18th, 2001
Newbie Tip-of-the-week Are you security-conscious? Good! Here's how
you can use apt-get to keep your potato sy
What might be the URL/apt-get sources.list line for security fixes of
the non-US packages?
--
---
| Juha Jäykkä, [EMAIL PROTECTED]|
| home: http://www.utu.fi/~juolja/
according to
http://www.debian.org/doc/manuals/securing-debian-howto/ch3.html#s-update
it's
deb http://security.debian.org/debian-non-US stable/non-US main contrib non-free
g phil
On Thu, Jul 19, 2001 at 05:42:00PM +0300, Juha Jäykkä wrote:
> What might be the URL/apt-get sources.list line fo
On Thu, Jul 19, 2001 at 05:42:00PM +0300, Juha Jäykkä wrote:
> What might be the URL/apt-get sources.list line for security fixes of
> the non-US packages?
deb http://security.debian.org/debian-non-US potato/non-US main contrib non-free
Jean
What might be the URL/apt-get sources.list line for security fixes of
the non-US packages?
--
---
| Juha Jäykkä, [EMAIL PROTECTED]|
| home: http://www.utu.fi/~juolja/ |