From owner-freebsd-security@FreeBSD.ORG  Mon Jan 12 10:33:28 2004
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id E4EDE16A4CE; Mon, 12 Jan 2004 10:33:28 -0800 (PST)
Received: from gs166.sp.cs.cmu.edu (GS166.SP.CS.CMU.EDU [128.2.205.169])
	by mx1.FreeBSD.org (Postfix) with SMTP
	id B3E0343D39; Mon, 12 Jan 2004 10:33:27 -0800 (PST)
	(envelope-from dpelleg@gs166.sp.cs.cmu.edu)
Sender: dpelleg@gs166.sp.cs.cmu.edu
To: Robert Watson <rwatson@freebsd.org>
References: <Pine.NEB.3.96L.1040110214520.2696D-100000@fledge.watson.org>
From: Dan Pelleg <daniel+bsd@pelleg.org>
Date: 12 Jan 2004 13:33:18 -0500
In-Reply-To: <Pine.NEB.3.96L.1040110214520.2696D-100000@fledge.watson.org>
Message-ID: <u2sisjh2f0x.fsf@gs166.sp.cs.cmu.edu>
Lines: 27
User-Agent: Gnus/5.0808 (Gnus v5.8.8) XEmacs/21.1 (Cuyahoga Valley)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailman-Approved-At: Tue, 13 Jan 2004 01:48:41 -0800
cc: freebsd-security@freebsd.org
cc: David Edwards <david@deassociates.com>
Subject: Re: Need some help on security
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Jan 2004 18:33:29 -0000

Robert Watson <rwatson@freebsd.org> writes:

> On Sat, 10 Jan 2004, David Edwards wrote:
> 
> > Anyway, on to the question, lastnight, the server stopped responding
> > after someone tried to gain access to what looks to be web based
> > printing. I am not familiar with any firewall/IDS solutions and have
> > looked over Snort and IPFW today. I don't want to do IPFW because I
> > don't want to recompile a kernel that works and potentially lose
> > everything I have done so far. Here is a bit of the apache error_log
> > which shows the issue i am refering to: 
> > 
> > [Sat Jan 10 01:34:04 2004] [error] [client 211.233.89.189] File does not
> > exist: /usr/home/dbcenter/public_html/NULL.printer
> > [Sat Jan 10 01:34:04 2004] [error] [client 211.233.89.189] File does not
> > exist: /usr/local/apache/htdocs/NULL.printer
> 
> Well, these log entries are for attempted exploits of Microsoft's IIS, and
> shouldn't be a problem.  The error messages can safely be ignored.
> 

Agreed. They can also be sent in a complaint to the appropriate admin. See
the security/hunch port.

-- 

  Dan Pelleg