Intrusion Detection Systems mailing list archives

Re: Bounced Message (Mod FWD)

From: dugsong () monkey org (Dug Song)
Date: Wed, 17 May 2000 03:07:28 -0400 (EDT)


Archive: http://msgs.securepoint.com/ids
FAQ: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
UNSUBSCRIBE: email "unsubscribe ids" to majordomo () uow edu au
On Mon, 15 May 2000, Network Security wrote:

i have been seeing several instances of this with my ids, i think it
maybe napster/gnutella activity, but what concerns me is why is
"/etc/passwd" referenced within the traffic? is this some sort of
napster/gnutella exploit?

'/etc/passwd'P1%~'A$O@N!O2K.0W Z<'P;30F!Id]_'4@0frank
blacka'PP@`SCEP.&Eerin


probably just a random gnutella query. see for yourself:

        http://www.monkey.org/~dugsong/tmp/gnutsniff.c.txt

this isn't to discount the possibility of a real gnutella exploit, though
- see Seth McGann's recent BUGTRAQ post for some background info. i also
have a 'gnutsmurf' program i'm not releasing, but you get the idea...

-d.

http://www.monkey.org/~dugsong/

Current thread:

Bounced Messages [Mod FWD], (continued)
- - - Bounced Messages [Mod FWD] Lister, Justin (May 17)
    - Re: Bounced Messages [Mod FWD] Talisker (May 17)
    - IDS & SNMP Nuno Miguel Neves (May 17)
    - Re: IDS & SNMP Greg Shipley (May 18)
    - Re: IDS & SNMP Allen Leibowitz (May 19)
  - Bounced Message (Mod FWD) Lister, Justin (May 16)
    - Re: Bounced Message (Mod FWD) Jackie Chan (May 16)
    - Re: Bounced Message (Mod FWD) Jonas Eriksson (May 17)
    - RE: mouse trap + fight back! Klaus, Chris (ISSAtlanta) (May 17)
    - RE: mouse trap + fight back! Schawacker, Peter (ISSCalifornia) (May 16)
    - Re: Bounced Message (Mod FWD) Dug Song (May 17)