OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: IDS: Bounced Message (Mod FWD)
From: Lister, Justin (justin.listercsfb.com)
Date: Tue May 16 2000 - 08:59:12 CDT

Archive: http://msgs.securepoint.com/ids
FAQ: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owneruow.edu.au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicted mail to this list.
UNSUBSCRIBE: email "unsubscribe ids" to majordomouow.edu.au
-----------------------------------------------------------------------------
1. very odd traffic...napster?, Network Security <NSECURITYTASC.USDA.GOV>

____________________________________________________________________________
______________________

Date: Mon, 15 May 2000 12:42:40 -0600
From: Network Security <NSECURITYTASC.USDA.GOV>
To: idsuow.edu.au
Subject: very odd traffic...napster?
Message-Id: <s91ff134.047TASC.USDA.GOV>

i have been seeing several instances of this with my ids, i think it maybe
napster/gnutella activity, but what concerns me is why is "/etc/passwd"
referenced within the traffic? is this some sort of napster/gnutella
exploit?

QT,LDJf;f'7die krupps'P]r`!~ozSBkv\'5DESTcakewalk
serial'!jR`gM1IK}#`rzXr'Zber
ykah badu
'/etc/passwd'P1%~'A$ON!O2K.0W Z<'P;30F!Id]_'40frank
blacka'PP`SCEP.&Eerin bu+B
`TE`SCEYua4n,PTVWS*.mpg]%Ps,FKH'H>52MOf`>P]A'1Devil's
Advocate9(`'iYm4&e^8=
jf"B`u6*.vbs
z'Vk:trvm')A'DESTna'7DESTap?\')w<KH'OD&AP(I-q:'>
babe mpbu'`_U8'PyPlaymate
-'g(e(T8'Pmcold fusion(ixthrowing
muses(`'iYm4&e^8=D''iitruelove4FH'q>W:A%'M~S
&'DEST0o,OuK>e&'QdM'9,<bI?P]AGh&}l`VY'. .K7'&u
*6A'kTooye`)KB'i'PxN<!RTB
'!jR`gM1IK}#`r\2"'y}ugW!h&(P5bW'PjI&P)wt1X'X'BPjdkNfrem9'sDEST+s^KHz:(An
syncs
O'`nFT('HPo'!jR`gM1IK}#`r6&Pk&"s<_fR*D'YE2pricelessU;'
'
Tim O'Brien;qU'Mvegas pro`'uZBcabaret voltairejh>'2kissQT,LDJf;f'7die
krupps'P]r
`!~ozSBkv\'5DESTcakewalk serial'!jR`gM1IK}#`rzXr'Zberykah badu
'/etc/passwd'P1%~'A$ON!O2K.0W Z<'P;30F!Id]_'40frank
blacka'PP`SCEP.&Eerin bu+B
`TE`SCEYua4n,PTVWS*.mpg]%Ps,FKH'H>52MOf`>P]A'1Devi'P]r`!~ozJ>'cUsGR'P+
Fe{
)b_HQ'$)HyF+h7qe[j{4NgNi<p_PN,M/' Ui!xC(=s#K'|
x*Q;p0HWT*YCthursday(1
+Yxp&tO6:$56>Y''
quicktime''geCdqL~DDZNpuRM5'zU<'cU(`'iYm4&e^8=Y~`'pFsby'P$pe<2Bshut em
down`;'
5Su}Z'`,c,'D` D=,r3q'HThjLOdo0AFKH'H>5deftonesLwGB_'3bpm
studioB^'yZh'XBBqGA
YPxxx &1 mpg5FH'q`f+
-A0=Q'PCILzwNpuRM5'(`'iYm4&e^8=M>'<}=1H|/dHQM
-$ 'DESTtea'
#qeverquest0 OT~^ K
OFoE4*'Zh`lAP9^\?'5`W-(`'iYm4&e^8=d2R'*t`HP&
91:-Mjq'Ox`5-''[?`5$$HTk&)S^1;G'C
mint{]<'cU}P'D.mpgp'xO/m:)Kz$kournikova
nude_GM'.Oorgasm*.wavTCI'$0take it out on
 youjk6 ~bU>7H]phantom menacezu'W}".zip"%'M~b
'DESTm'P&8Fs'~'XPjenna jamesonKi_'
yPa`' xfIcD=b
K^`!PP$Y*gGYP^'2*(,P'^&=0QH)-.YMEE'Pkblink
182c_''<GH'DEST:AI[
Kv_>6BLg')Icelebs nudeYKcyZNpuRM5']' xZ0QH)-.6FH'q bl
KA.'xyatI4gR3fn78'BP8
limp bizkitC'v*$(`'iYm4&e^8=K0q'A"nY)p7II/eb{,*Z'~DESTorgy
mpg0yU''I/wXl){}k'\P
d^june christyg0>zGmusic videojT'P>kjameson jpg
____________________________________________________________________________
______________________
END

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please immediately delete it and all
copies of it from your system, destroy any hard copies of it and notify the
sender. You must not, directly or indirectly, use, disclose, distribute,
print, or copy any part of this message if you are not the intended
recipient. CREDIT SUISSE GROUP and each of its subsidiaries each reserve
the right to monitor all e-mail communications through its networks. Any
views expressed in this message are those of the individual sender, except
where the message states otherwise and the sender is authorised to state
them to be the views of any such entity.