Re: new exploit - ping/137/27374 ?
If you would like to do them, why not
enabling those kernel option (rp_filter, syn_cookie, whatever)
and play it with iptables?
k h a o s * lamer
new name, new look, new ftp:
linuxxxxx.dyn.dhs.org (change FOUR letter)
upload something before downloading, or your class C IP banned.
----- Original Message -----
From: "Moe Harley" <firstname.lastname@example.org>
Sent: Sunday, July 01, 2001 10:39 AM
Subject: Re: new exploit - ping/137/27374 ?
> What do the ping/syn packets look like? Perhaps
> a specific IDS rule can be thrown together for them?
> ----- Original Message -----
> From: JonesMB <email@example.com>
> To: <firstname.lastname@example.org>
> Sent: Friday, June 29, 2001 1:30 PM
> Subject: new exploit - ping/137/27374 ?
> > is there a new exploit script that starts with a ping, followed by
> > at connecting to port 137, followed by 27374. I have seen a big
> > in this in my ipchains logs this week. I have also noticed that
> > at port 111 have almost disappeared.
> > jmb
> > PS - before any educates me on the port numbers being used in the
> > I know that 111 is for RPC exploits, 137 is for Netbios SMB and 27374 is
> > for SubSeven.
> > --
> > To UNSUBSCRIBE, email to email@example.com
> > with a subject of "unsubscribe". Trouble? Contact
> To UNSUBSCRIBE, email to firstname.lastname@example.org
> with a subject of "unsubscribe". Trouble? Contact