We are getting this error message /var/log/messages

Post by Miguel ángel Córdob » Sat, 21 Apr 2001 20:10:15



---

Apr  8 15:53:44 aqua bsd-gw[8834]: Invalid protocol request (66):
BBBXXXXXXXXXXX
XXXXXXX%.100u%300$n%.89u%301$n%.253u%302$n%.192u%303$n111F1f1C]C]KMM1ECf]fE'MEEE

MCCC1?A^u1FEMU/bin/sh
Apr  8 15:53:45 aqua bsd-gw[8835]: Invalid protocol request (66):
BBBXXXXXXXXXXX
XXXXXXX%.96u%300$n%.93u%301$n%.253u%302$n%.192u%303$n111F1f1C]C]KMM1ECf]fE'MEEEM

CCC1?A^u1FEMU/bin/sh
Apr  8 15:53:46 aqua bsd-gw[8836]: Invalid protocol request (66):
BBBXXXXXXXXXXX
XXXXXXX%.92u%300$n%.97u%301$n%.253u%302$n%.192u%303$n111F1f1C]C]KMM1ECf]fE'MEEEM

CCC1?A^u1FEMU/bin/sh
Apr  8 15:53:55 aqua bsd-gw[8837]: Invalid protocol request (66):
BBBXXXXXXXXXXX
XXXXXXX%.88u%300$n%.101u%301$n%.253u%302$n%.192u%303$n111F1f1C]C]KMM1ECf]fE'MEEE

MCCC1?A^u1FEMU/bin/sh
Apr  8 22:52:49 aqua ftpd[8910]: open_pam_conf: /etc/pam.conf writable
by group
Apr  8 23:13:40 aqua ftpd[8932]: open_pam_conf: /etc/pam.conf writable
by group

---

Why this, and what is compromised?

Regards,

--
-----------------------------------------------------------------------
Miguel Angel Cordoba        http://campus.uab.es/~2034008
-----------------------------------------------------------------------

 
 
 

Post by Jay Wa » Sat, 21 Apr 2001 20:16:48


On Fri, 20 Apr 2001 13:10:15 +0200, Miguel


>---

>Apr  8 15:53:44 aqua bsd-gw[8834]: Invalid protocol request (66):
>BBBXXXXXXXXXXX
>XXXXXXX%.100u%300$n%.89u%301$n%.253u%302$n%.192u%303$n111F1f1C]C]KMM1ECf]fE'MEEE

>MCCC1?A^u1FEMU/bin/sh
>Apr  8 15:53:45 aqua bsd-gw[8835]: Invalid protocol request (66):
>BBBXXXXXXXXXXX
>XXXXXXX%.96u%300$n%.93u%301$n%.253u%302$n%.192u%303$n111F1f1C]C]KMM1ECf]fE'MEEEM

>CCC1?A^u1FEMU/bin/sh
>Apr  8 15:53:46 aqua bsd-gw[8836]: Invalid protocol request (66):
>BBBXXXXXXXXXXX
>XXXXXXX%.92u%300$n%.97u%301$n%.253u%302$n%.192u%303$n111F1f1C]C]KMM1ECf]fE'MEEEM

>CCC1?A^u1FEMU/bin/sh
>Apr  8 15:53:55 aqua bsd-gw[8837]: Invalid protocol request (66):
>BBBXXXXXXXXXXX
>XXXXXXX%.88u%300$n%.101u%301$n%.253u%302$n%.192u%303$n111F1f1C]C]KMM1ECf]fE'MEEE

>MCCC1?A^u1FEMU/bin/sh
>Apr  8 22:52:49 aqua ftpd[8910]: open_pam_conf: /etc/pam.conf writable
>by group
>Apr  8 23:13:40 aqua ftpd[8932]: open_pam_conf: /etc/pam.conf writable
>by group

>---

>why this and what is compromised?

Most likely it is the Adore/RedLion worm.  I have seen the signature
before.  It is attempting to exploit tcp port 515 (lpd) with a buffer
overflow.

Please go to http://www.sans.org and search for Adore and it will
explain it in more detail.

 
 
 

Post by . » Thu, 26 Apr 2001 10:47:39


These are attempts to exploit a buffer overflow
vulnerability, looks like using lpr.

Not sure if it was successful but you should visit
http://www.chkrootkit.org/ and download the
rootkit checker.

The Adore worm uses the lpr exploit, as well
as bind, wu-ftp and rpc.statd.

See http://www.sans.org/y2k/adore.htm for
more info.

Good Luck



> Apr  8 15:53:45 aqua bsd-gw[8835]: Invalid protocol request (66):
> BBBXXXXXXXXXXX
> XXXXXXX%.96u%300$n%.93u%301$n%.253u%302$n%.192u%303$n111F1f1C]C]KMM1ECf]fE'MEEEM
> CCC1?A^u1FEMU/bin/sh
> Apr  8 15:53:46 aqua bsd-gw[8836]: Invalid protocol request (66):
> BBBXXXXXXXXXXX
> XXXXXXX%.92u%300$n%.97u%301$n%.253u%302$n%.192u%303$n111F1f1C]C]KMM1ECf]fE'MEEEM
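
An added example, not part of any post in this thread: one way to find entries like the ones quoted above in /var/log/messages is to rejoin wrapped syslog records and flag any whose message carries printf write directives such as `%300$n`. The function names and the shortened sample lines are constructed for illustration.

```python
import re

# Syslog record header: "Mon DD HH:MM:SS host daemon[pid]: message"
HEADER = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<daemon>[\w.-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
# printf write directives: %n, %hn, %hhn and positional forms such as %300$n
WRITE_DIRECTIVE = re.compile(r"%(?:\d+\$)?(?:hh|h|l|ll)?n")
# Padding directives with an explicit precision, e.g. %.100u
PADDING = re.compile(r"%\.\d+[udx]")


def join_records(lines):
    """Reassemble records whose message was wrapped over several lines."""
    records = []
    for line in lines:
        line = line.rstrip()
        if HEADER.match(line):
            records.append(line)
        elif records and line.strip():
            # Continuation: append without a separator, since the wrap
            # may have split a directive in the middle.
            records[-1] += line.strip()
    return records


def scan(lines):
    """Return one finding per record that carries format-string indicators."""
    findings = []
    for rec in join_records(lines):
        m = HEADER.match(rec)
        writes = WRITE_DIRECTIVE.findall(m["msg"])
        if not writes:
            continue
        findings.append({
            "ts": m["ts"], "host": m["host"],
            "daemon": m["daemon"], "pid": int(m["pid"]),
            "write_directives": len(writes),
            "padding_directives": len(PADDING.findall(m["msg"])),
            "shell_path": "/bin/sh" in m["msg"],
        })
    return findings


# Constructed sample, shortened from the shape of the entries in this thread.
SAMPLE = [
    "Apr  8 15:53:44 aqua bsd-gw[8834]: Invalid protocol request (66):",
    "BBBXXXXXXXX%.100u%300$n%.89u%301$n%.253u%302$n%.192u%303$nAAAA/bin/sh",
    "Apr  8 22:52:49 aqua ftpd[8910]: open_pam_conf: /etc/pam.conf writable",
    "by group",
]
```

A hit only shows that a request containing these directives reached the daemon; whether it succeeded has to be established separately on the host.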
 
 
 
