Re: [security-elvandar] "access_log?hello" ?
From: Salvatore Poliandro (jello_at_vanished.net)
Date: 07/28/03
- Previous message: morning_wood: "Re: Exploit for Windows RPC may be in the wild!"
- In reply to: Remko Lodder: "Re: [security-elvandar] "access_log?hello" ?"
- Next in thread: Remko Lodder: "Re: [security-elvandar] "access_log?hello" ?"
- Reply: Remko Lodder: "Re: [security-elvandar] "access_log?hello" ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "Remko Lodder" <remko@elvandar.org>, "Christine Kronberg" <Christine_Kronberg@genua.de> Date: Sun, 27 Jul 2003 18:08:22 -0400
-- OM--
From: "Remko Lodder" <remko@elvandar.org>
Subject: Re: [security-elvandar] "access_log?hello" ?
> I dont recognise this as a particular script that is running against
> your host.
> Although it could be a custom made script that just sends a lot of
> characters (or a lot of hello's)
> to your host, trying to overflow it.
>
> My best guess is that it's the overflow option,
> But i am interested now.. so when anyone else has a opinion...
An Overflow to accomplish what? I see no shellcode in that string, Other
then crashing the web server on the other end, what could be its use? Could
It be a tool to look in the log files of webservers for previous
compromises? http://www.analog.cx/ creates the product that makes the logs
in the /logs/active/ I see no mention of any compromises in thier site.
Sal
---------------------------------------------------------------------------
----------------------------------------------------------------------------
- Previous message: morning_wood: "Re: Exploit for Windows RPC may be in the wild!"
- In reply to: Remko Lodder: "Re: [security-elvandar] "access_log?hello" ?"
- Next in thread: Remko Lodder: "Re: [security-elvandar] "access_log?hello" ?"
- Reply: Remko Lodder: "Re: [security-elvandar] "access_log?hello" ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
