Date:      Mon, 01 Feb 1999 23:23:24 -0800
From:      Ludwig Pummer <ludwigp@bigfoot.com>
To:        junkmale@xtra.co.nz, freebsd-security@FreeBSD.ORG
Subject:   Re: what were these probes?
Message-ID:  <4.1.19990201231707.00a17c30@mail-r>
In-Reply-To: <19990202055804.YRQY682101.mta1-rme@wocker>

At 09:58 PM 2/1/99 , Dan Langille wrote:
>Hi folks,
>
>Tonight I found these entries in my log files.  What were they looking 
>for?  Was this a spammer looking for exploits?

It looks like it. Probably just some script kiddie. A lot of the holes
being checked for have been publicly known for a while, so folks in charge
of security have fixed them already (or at least, they should have).

>http:
>
>ns.cvvm.com - - [02/Feb/1999:17:34:28 +1300] "GET /cgi-bin/phf HTTP/1.0" 
>404 164

The Apache docs refer to a phf security hole in an early version.

>ns.cvvm.com - - [02/Feb/1999:17:34:31 +1300] "GET /cgi-bin/php.cgi 
>HTTP/1.0" 404 168

The PHP docs warn that an improperly configured PHP can let web visitors
read any world-readable file on your system.

>ns.cvvm.com - - [02/Feb/1999:17:34:43 +1300] "GET /cgi-bin/wwwboard.pl 
>HTTP/1.0" 404 172

There was a known security hole in one of the web-based message boards.
Don't know if it was wwwboard.

>telnet:
>
>Feb  2 17:34:20 ns telnetd[29665]: refused connect from ns.cvvm.com
>Feb  2 17:34:20 ns telnetd[29667]: refused connect from ns.cvvm.com

That looks like it's not legitimate.

>sendmail:
>
>Feb  2 17:34:25 ns sendmail[29666]: NOQUEUE: Null connection from 
>root@ns.cvvm.com [139.142.106.131]
>Feb  2 17:34:51 ns sendmail[29668]: NOQUEUE: Null connection from 
>root@ns.cvvm.com [139.142.106.131]

Ditto.

There's all sorts of jerks out there looking for some fun. I get at least
one or two folks a night knocking on my POP3, IMAP, or Netbios ports.

--Ludwig Pummer ( ludwigp@bigfoot.com )
ICQ UIN: 692441 (  ludwigp@email.com  )
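
The pattern in this thread, one host touching HTTP, telnet and SMTP within about thirty seconds, can be picked out of the logs mechanically. The following is an added example, not part of the original message: it parses the log lines quoted above (mail line wraps rejoined) and flags any host that hits several services inside a short window. The function names, the two-minute window, the two-service threshold and the `year` argument are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Log lines quoted in the message above, with the mail client's line wraps rejoined.
HTTP_LOG = [
    'ns.cvvm.com - - [02/Feb/1999:17:34:28 +1300] "GET /cgi-bin/phf HTTP/1.0" 404 164',
    'ns.cvvm.com - - [02/Feb/1999:17:34:31 +1300] "GET /cgi-bin/php.cgi HTTP/1.0" 404 168',
    'ns.cvvm.com - - [02/Feb/1999:17:34:43 +1300] "GET /cgi-bin/wwwboard.pl HTTP/1.0" 404 172',
]
SYSLOG = [
    'Feb  2 17:34:20 ns telnetd[29665]: refused connect from ns.cvvm.com',
    'Feb  2 17:34:20 ns telnetd[29667]: refused connect from ns.cvvm.com',
    'Feb  2 17:34:25 ns sendmail[29666]: NOQUEUE: Null connection from root@ns.cvvm.com [139.142.106.131]',
    'Feb  2 17:34:51 ns sendmail[29668]: NOQUEUE: Null connection from root@ns.cvvm.com [139.142.106.131]',
]

# Common Log Format: host, timestamp (zone dropped, both logs are local time), path, status.
HTTP_RE = re.compile(r'^(\S+) \S+ \S+ \[([^ \]]+) [^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) ')
# BSD syslog: timestamp, daemon name, and the peer named after "from" (user@ prefix dropped).
SYS_RE = re.compile(r'^(\w{3} +\d+ [\d:]+) \S+ (\w+)\[\d+\]: .* from (?:\S+@)?(\S+)')

def parse_events(http_lines, syslog_lines, year):
    """Yield (time, host, service, detail). Syslog carries no year, so it is passed in."""
    for line in http_lines:
        m = HTTP_RE.match(line)
        if m and m.group(4) == "404":  # requests for CGI paths that do not exist here
            when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S")
            yield when, m.group(1), "http", m.group(3)
    for line in syslog_lines:
        m = SYS_RE.match(line)
        if m:
            when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield when, m.group(3), m.group(2), "rejected"

def multi_service_probes(events, window=timedelta(minutes=2), min_services=2):
    """Return {host: sorted services} for hosts touching >= min_services within window."""
    by_host = defaultdict(list)
    for when, host, service, _ in events:
        by_host[host].append((when, service))
    flagged = {}
    for host, hits in by_host.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            services = {s for t, s in hits[i:] if t - start <= window}
            if len(services) >= min_services:
                flagged[host] = sorted(services)
                break
    return flagged
```

Calling `multi_service_probes(parse_events(HTTP_LOG, SYSLOG, 1999))` reports `ns.cvvm.com` against all three services; a host that only requests a missing page is not flagged.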
