httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "John Darin Holloway" <jdhollo...@blue.net>
Subject Re: log entry sign of hacker?
Date Mon, 11 Mar 2002 19:12:48 GMT
Could be a buffer overflow attempt, but it doesn't have the tell-tale signs
an MS directed attack (looking for root.exe, MSADC/scripts directory).  The
gethostbyname error is interesting, possibly a bum c library?  Might try
recompiling/getting fresh binaries and see if the problem goes away.


John Darin Holloway
Bluegrass Network, LLC


----- Original Message -----
From: "Lazor, Ed" <ELazor@providence.org>
To: <users@httpd.apache.org>
Sent: Monday, March 11, 2002 01:26 PM
Subject: log entry sign of hacker?


> Anyone know what this is?  I've seen it showing in Apache's logs a few
times
> and I'm wondering what it is.  Thanks for any information you can help
> provide in terms of what it is and what I can to make sure I'm protected.
> -Ed
>
>
> Mar  6 04:37:49 castle rpc.statd[757]: gethostbyname error for
>
(÷ÿ¿(÷ÿ¿)÷ÿ¿)÷ÿ¿*÷ÿ¿*÷ÿ¿+÷ÿ¿+÷ÿ¿%8x%8x%8x%8x%8x%8x%8x%8x%8x%252x%n%121x%n%10
>
x%n%192x%n\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\2
>
20\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\2
>
20\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\2
>
20\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\2
>
20\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\2
>
20\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\2
>
20\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\2
>
20\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\2
>
20\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\2
>
20\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\2
>
20\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\2
> 20\220\220\220\220\220\220\220\220\220\220\220\220\220
>
>
****************************************************************************
> This message is intended for the sole use of the individual and entity to
> whom it is addressed, and may contain information that is privileged,
> confidential and exempt from disclosure under applicable law.  If you are
> not the intended addressee, nor authorized to receive for the intended
> addressee, you are hereby notified that you may not use, copy, disclose or
> distribute to anyone the message or any information contained in the
> message.  If you have received this message in error, please immediately
> advise the sender by reply email and delete the message.  Thank you very
> much.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message