[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] Hacked?
- Subject: Re: [cobalt-users] Hacked?
- From: Gerald Waugh <gwaugh@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue Sep 24 06:49:01 2002
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
On Tue, 24 Sep 2002, Dave Thurman (Mailing List Email) wrote:
> on 9/24/02 7:35 AM, Paul Warner stated:
>
> > [Tue Sep 24 03:01:12 2002] [error] [client xxx.xxx.xxx.xxx] client sent
> > HTTP/1.1 request without hostname (see RFC2616 section 14.23): /
> > [Tue Sep 24 03:01:12 2002] [error] [client xxx.xxx.xxx.xxx] client sent
> > HTTP/1.1 request without hostname (see RFC2616 section 14.23): /
> > [Tue Sep 24 03:01:12 2002] [error] [client xxx.xxx.xxx.xxx] client sent
> > HTTP/1.1 request without hostname (see RFC2616 section 14.23): /
> > [Tue Sep 24 03:01:12 2002] [error] [client xxx.xxx.xxx.xxx] client sent
> > HTTP/1.1 request without hostname (see RFC2616 section 14.23): /
The above are the Apache chunked exploit
> > [Tue Sep 24 03:01:20 2002] [error] mod_ssl: SSL handshake failed (server
> > yyy.yyy.yyy.yyy:443, client xxx.xxx.xxx.xxx) (OpenSSL library error follows)
> > [Tue Sep 24 03:01:20 2002] [error] OpenSSL: error:1406908F:SSL
> > routines:GET_CLIENT_FINISHED:connection id is different
> > [Tue Sep 24 03:01:21 2002] [notice] child pid 27426 exit signal Segmentation
> > fault (11)
>
> I could be wrong, but isn't this the slapper worm broadcasting?
>
I think you are correct! aAnd I could be wrong also!!!
look for /tmp/.bugtrac.c and /tmp/.bugtraq
Gerald
--
http://frontstreetnetworks.com | http://raqware.com
Front Street Networks LLC | Phone: +1 203-785-0699
229 Front Street, Ste. C, New Haven, CT. 06513-3203