[SunHELP] bsd-gw[910]: Invalid protocol request (66)

Mike Meredith sunhelp at sunhelp.org
Wed Apr 4 13:54:45 CDT 2001


Hi

On Wednesday 04 April 2001 17:11, you wrote:
> At 10:54 AM 4/4/01 -0600, you wrote:
> >Hi, several hundred of these console messages (per computer) showed
> >up on about half (7) of our Solaris2.6 & 2.7 machines last night.
> >Not all were at the same time and it appears that the string echoed
> >changes for each instance.
> >
> >Apr  4 00:27:11 pic bsd-gw[9108]: Invalid protocol request (66):
> >BBBXXXXXXXXXXXXXXXXXX%.72u%300$n%.106u%301$nsecurit%302$n%.1
> >92u%303$n111F1f1C]C]KMM1ECf]fE'MEEEMCCC1?A^u1FEMU/bin/sh

Anything funny with /bin/sh is usually an attempt at an exploit. I 
suspect that it's an x86 Linux exploit --- I'm seeing a lot of them at 
the moment, and yes that does include SPARC boxes. I suspect that it's 
one of the Linux worms out there.
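
Added example, not part of the original message: a Python check that flags syslog lines carrying the features visible in the quoted entry, namely positional `%N$n` write directives, width-padding directives such as `%.72u`, and a shell path. The regexes, function names and sample lines are constructed for illustration.

```python
import re

# Positional write directive such as %300$n (also %12$hn, %7$hhn): the
# printf conversion that stores a count through an argument pointer.
WRITE_DIRECTIVE = re.compile(r"%\d+\$(?:hh|h|l|ll)?n")
# Width/precision padding such as %.72u or %106x, used to steer that count.
PAD_DIRECTIVE = re.compile(r"%\.?\d+[udxX]")
SHELL_PATH = re.compile(r"/bin/(?:sh|bash|csh|ksh)\b")
# Classic syslog layout: "Apr  4 00:27:11 host tag[pid]: message"
SYSLOG = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s"
    r"(?P<tag>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?:\s(?P<msg>.*)$"
)

def inspect_line(line):
    """Return a finding dict for a suspicious syslog line, else None."""
    m = SYSLOG.match(line)
    if not m:
        return None
    msg = m.group("msg")
    writes = WRITE_DIRECTIVE.findall(msg)
    pads = PAD_DIRECTIVE.findall(msg)
    reasons = []
    if writes:
        reasons.append("positional %n write directive")
    if writes and pads:
        reasons.append("width padding paired with %n")
    if SHELL_PATH.search(msg):
        reasons.append("shell path in request data")
    if not reasons:
        return None
    return {"host": m.group("host"), "tag": m.group("tag"),
            "writes": len(writes), "reasons": reasons}

def scan(lines):
    """Inspect every line and keep only the findings."""
    return [f for f in map(inspect_line, lines) if f]

# Constructed sample lines, shortened and modelled on the quoted entry.
SAMPLE = [
    "Apr  4 00:27:11 pic bsd-gw[9108]: Invalid protocol request (66): "
    "BBBXXXX%.72u%300$n%.106u%301$nsecurit%302$n/bin/sh",
    "Apr  4 00:31:02 pic sendmail[412]: starting daemon",
    "Apr  4 00:40:19 pic bsd-gw[9121]: Invalid protocol request (66): 100% done",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```
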
