[Wlug] Someone's hammering....
22 Jun 2001 10:29:38 -0400
I recently installed logcheck on my RH 7.0 systems and have been comforted and possibly entertained by how well it works. However this morning I started getting lengthy messages indicating what appears to be somebody trying to break in via a buffer overrun. I get this...
Jun 22 05:17:53 host SERVER: Dispatch_input: bad request line '.....
followed by a lot of binary bytes ending in "/bin/sh"
I've ad a couple "spurts" of this already today on two different systems; lasting about 2 minutes and then dissappearing.
I'm guessing that whoever is trying this is [so far] being kept out, but I guess I'd like to know what is being hammered on as "SERVER" doesn't provide much help. Any ideas?
Peter Gutowski <firstname.lastname@example.org> // tel.: (413) 587-3957
"When in company, put not your hands to any part of the body not usually discovered." --George Washington, _Rules for Civility and Decent Behavior_