Subject: Re: IDS: Bounced Message (Mod FWD)
From: Dug Song (dugsongmonkey.org)
Date: Wed May 17 2000 - 02:07:28 CDT


On Mon, 15 May 2000, Network Security wrote:

> i have been seeing several instances of this with my ids, i think it
> may be napster/gnutella activity, but what concerns me is why is
> "/etc/passwd" referenced within the traffic? is this some sort of
> napster/gnutella exploit?
>
> '/etc/passwd'P1%~'A$ON!O2K.0W Z<'P;30F!Id]_'40frank
> blacka'PP`SCEP.&Eerin

probably just a random gnutella query. see for yourself:

        http://www.monkey.org/~dugsong/tmp/gnutsniff.c.txt

this isn't to discount the possibility of a real gnutella exploit, though
- see Seth McGann's recent BUGTRAQ post for some background info. i also
have a 'gnutsmurf' program i'm not releasing, but you get the idea...

-d.

---
http://www.monkey.org/~dugsong/
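
One way to triage the alert discussed in this thread, as an added example that is not part of the original post and is not the gnutsniff.c linked above: walk the TCP payload as Gnutella 0.4 descriptors and report whether the signature string sits inside a Query's search criteria. The descriptor layout (16-byte ID, type, TTL, hops, little-endian length; Query = 0x80 with a 2-byte minimum speed and NUL-terminated search string) is assumed from the Gnutella 0.4 protocol; the function names, the size bound and the sample bytes are constructed for illustration.

```python
import struct

HEADER_LEN = 23      # 16-byte descriptor ID + type + TTL + hops + 4-byte length
QUERY = 0x80         # payload descriptor value for a Query (Gnutella 0.4, assumed)
MAX_PAYLOAD = 4096   # sanity bound chosen for this example, not taken from a spec


def gnutella_queries(stream: bytes):
    """Yield (ttl, hops, search_string) for each Query descriptor in a payload."""
    off = 0
    while off + HEADER_LEN <= len(stream):
        ptype, ttl, hops, plen = struct.unpack_from("<BBBI", stream, off + 16)
        if plen > MAX_PAYLOAD:
            break  # framing lost, or this is not Gnutella traffic at all
        body = stream[off + HEADER_LEN: off + HEADER_LEN + plen]
        if len(body) < plen:
            break  # descriptor truncated by the capture
        if ptype == QUERY and plen >= 3:
            # Skip the 2-byte minimum speed, then read up to the first NUL.
            criteria = body[2:].split(b"\x00", 1)[0]
            yield ttl, hops, criteria.decode("latin-1")
        off += HEADER_LEN + plen


def triage(stream: bytes, signature: str):
    """Return the search strings that contain the IDS signature text."""
    return [q for _, _, q in gnutella_queries(stream) if signature in q]


def _descriptor(ptype: int, payload: bytes, ttl: int = 5, hops: int = 2) -> bytes:
    """Build a constructed descriptor for the sample below (hypothetical helper)."""
    header = struct.pack("<BBBI", ptype, ttl, hops, len(payload))
    return bytes(range(16)) + header + payload


# Constructed sample: a Ping followed by two Queries relayed by a servent.
SAMPLE = (
    _descriptor(0x00, b"")
    + _descriptor(QUERY, struct.pack("<H", 0) + b"some song.mp3\x00")
    + _descriptor(QUERY, struct.pack("<H", 0) + b"/etc/passwd\x00")
)

if __name__ == "__main__":
    for ttl, hops, q in gnutella_queries(SAMPLE):
        print(f"ttl={ttl} hops={hops} query={q!r}")
    print("signature inside a search string:", triage(SAMPLE, "/etc/passwd"))
```

An empty result from `triage` means the match was not inside a parsed Query, so the alert is not explained by search traffic and still needs review.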