OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Michael Scheidell (scheidellFDMA.COM)
Date: Thu Aug 30 2001 - 11:12:42 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    > does anybody know of a new worm taking rounds out there? I keep getting
    >
    > 2001-08-23 16:37:51 x.x.x.x - x.x.x.x 80 GET /NULL.printer - 404 -
    >
    > requests more and more often. It begun a couple of days ago. All machines
    > sending these to mine are win2k machines. doesn't look like kids probing -
    > it looks more organized.

    I looked and don't see any probes like that, also 'snort' doesnot have
    any signatures that match that.

    Could be another attempt to exploit the default lpd setting for win2k
    server? 

    --
Michael Scheidell
Florida Datamation, Inc.
scheidellfdma.com 1+(561) 368-9561
Internet Security and Consulting
See updated IT Security News at http://www.fdma.com/
After system Compromise : http://www.cert.org/tech_tips/

    _____________________________________________________________________
** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice DIGEST"
SEND ALL COMMANDS TO: listservlistserv.ntsecurity.net