Intrusion Detection Systems mailing list archives

Bounced Messages [Mod FWD]


From: justin.lister () csfb com (Lister, Justin)
Date: Thu, 18 May 2000 02:47:37 +0800


Archive: http://msgs.securepoint.com/ids
FAQ: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
UNSUBSCRIBE: email "unsubscribe ids" to majordomo () uow edu au
Contents:
1. port5556, Systems Design Laboratory <valdes () csl sri com>
2. Re:  very odd traffic...napster?, Darren Reed <darrenr () reed wattle id au>
________________________________________________________________

Message-ID: <39218B13.396DA770 () sdl sri com>
Date: Tue, 16 May 2000 10:53:22 -0700
From: Systems Design Laboratory <valdes () csl sri com>
Reply-To: valdes () csl sri com
Organization: SRI International
To: idsuow <ids () uow edu au>
Subject: port 5556

Recently saw a sweep of our IP addresses, all attempts to connect to port
5556. Has anyone seen this? My references list no exploits associated
with this port.

-Al
________________________________________________________________

From: Darren Reed <darrenr () reed wattle id au>
Message-Id: <200005161647.CAA03782 () avalon reed wattle id au>
Subject: Re: IDS: Bounced Message (Mod FWD)
To: NSECURITY () TASC USDA GOV
Date: Wed, 17 May 2000 02:47:43 +1000 (EST)
Cc: ids () uow edu au
 
Date: Mon, 15 May 2000 12:42:40 -0600
From: Network Security <NSECURITY () TASC USDA GOV>
To: ids () uow edu au
Subject: very odd traffic...napster?
Message-Id: <s91ff134.047 () TASC USDA GOV>

i have been seeing several instances of this with my ids, i think it may be
napster/gnutella activity, but what concerns me is why is "/etc/passwd"
referenced within the traffic? is this some sort of napster/gnutella
exploit?
[...]

Do you have a binary sample of that data which you can send to us in
hex?  I'm pretty sure that we're missing a large % of bytes there
which don't fall into the "printable" category.

Darren
________________________________________________________________
