[Wlug] Someone's hammering....

Peter Gutowski peter@linuxchamps.com
22 Jun 2001 10:29:38 -0400


I recently installed logcheck on my RH 7.0 systems and have been comforted and possibly entertained by how well it works. However this morning I started getting lengthy messages indicating what appears to be somebody trying to break in via a buffer overrun. I get this...

Security Violations
=-=-=-=-=-=-=-=-=-=
Jun 22 05:17:53 host SERVER[18075]: Dispatch_input: bad request line '.....

followed by a lot of binary bytes ending in "/bin/sh"

I've ad a couple "spurts" of this already today on two different systems; lasting about 2 minutes and then dissappearing.

I'm guessing that whoever is trying this is [so far] being kept out, but I guess I'd like to know what is being hammered on as "SERVER" doesn't provide much help. Any ideas?

-- 
Peter Gutowski <peter@linuxchamps.com> // tel.: (413) 587-3957 

"When in company, put not your hands to any part of the body not usually discovered."  --George Washington, _Rules for Civility and Decent Behavior_