If you would like to do them, why not enable those kernel options (rp_filter, syn_cookie, whatever) and play with it using iptables?

--
k h a o s * lamer
new name, new look, new ftp: linuxxxxx.dyn.dhs.org (change FOUR letter)
upload something before downloading, or your class C IP banned.

----- Original Message -----
From: "Moe Harley" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Sunday, July 01, 2001 10:39 AM
Subject: Re: new exploit - ping/137/27374 ?

> What do the ping/syn packets look like? Perhaps
> a specific IDS rule can be thrown together for them?
>
> -Moeser
>
> ----- Original Message -----
> From: JonesMB <[EMAIL PROTECTED]>
> To: <[email protected]>
> Sent: Friday, June 29, 2001 1:30 PM
> Subject: new exploit - ping/137/27374 ?
>
> > is there a new exploit script that starts with a ping, followed by attempts
> > at connecting to port 137, followed by 27374. I have seen a big increase
> > in this in my ipchains logs this week. I have also noticed that attempts
> > at port 111 have almost disappeared.
> >
> > jmb
> >
> > PS - before anyone educates me on the port numbers being used in the attempts,
> > I know that 111 is for RPC exploits, 137 is for Netbios SMB and 27374 is
> > for SubSeven.
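The pattern asked about in the thread (a ping, then port 137, then port 27374 from the same source) can be picked out of ipchains logs with a small per-source state machine. This is an added example, not part of any message in the thread; the log lines are constructed, and the layout assumed is the ipchains "Packet log" format, where for ICMP the two port fields carry the ICMP type and code.

```python
import re
from collections import defaultdict

# Constructed sample lines (documentation address ranges), assumed ipchains format.
# For PROTO=1 (ICMP) the "source port" field is the ICMP type, the "dest port" the code.
SAMPLE_LOG = """\
Jun 29 13:01:02 fw kernel: Packet log: input DENY eth0 PROTO=1 198.51.100.7:8 192.0.2.10:0 L=84 S=0x00 I=4021 F=0x0000 T=49 (#7)
Jun 29 13:01:03 fw kernel: Packet log: input DENY eth0 PROTO=17 198.51.100.7:1026 192.0.2.10:137 L=78 S=0x00 I=4022 F=0x0000 T=49 (#7)
Jun 29 13:01:04 fw kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.7:3391 192.0.2.10:27374 L=48 S=0x00 I=4023 F=0x4000 T=113 SYN (#7)
Jun 29 13:05:40 fw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.9:2210 192.0.2.10:111 L=60 S=0x00 I=911 F=0x4000 T=52 SYN (#7)
Jun 29 13:06:11 fw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.44:4410 192.0.2.10:27374 L=48 S=0x00 I=77 F=0x4000 T=113 SYN (#7)
"""

LINE = re.compile(
    r"Packet log: \S+ \S+ \S+ PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) ")
STAGES = ["ping", "137", "27374"]   # order reported in the thread

def classify(proto, sport, dport):
    """Map one logged packet to a stage of the reported pattern, or None."""
    if proto == 1 and sport == 8:            # ICMP echo request (type 8)
        return "ping"
    if proto in (6, 17) and dport == 137:    # NetBIOS name service, TCP or UDP
        return "137"
    if proto == 6 and dport == 27374:        # SubSeven default port
        return "27374"
    return None

def find_sequences(log_text):
    """Return sorted (src, dst) pairs that hit ping, 137, 27374 in that order."""
    progress = defaultdict(int)              # (src, dst) -> index of next expected stage
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        stage = classify(int(m["proto"]), int(m["sport"]), int(m["dport"]))
        key = (m["src"], m["dst"])
        idx = progress[key]
        if idx < len(STAGES) and stage == STAGES[idx]:
            progress[key] = idx + 1
    return sorted(k for k, v in progress.items() if v == len(STAGES))

if __name__ == "__main__":
    for src, dst in find_sequences(SAMPLE_LOG):
        print(f"{src} -> {dst}: ping, 137, 27374 in order")
```

The matcher ignores timestamps, so on a long log it is worth adding a time window per source before treating a match as one scan.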

