Hello all, my home network is composed of 2 Linux machines. Number 1 is my
Internet gateway-firewall, which drives a dial-up connection to my ISP;
number 2 is an AMPRNET (amateur radio packet radio network) server where
several services are running, such as HTTP on port 80.
Linux machine 1 uses a TCP redirection of port 80 toward Linux machine 2.
Whenever I start a connection to my ISP, I see some HTTP connection attempts from
machine 1 to machine 2
(in reality the attempts start from the infected external host).
Looking into machine 2's logs I see the following:
"GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXX
%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%
u9090%u8190%u00c3%u00
03%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0 Content type:text/xml.
Content lenght:3379"
Then the connection is closed by machine 2, which answers with:
<TITLE>BAD</TITLE> <H1> Bad request</H1> Reason:Invalid HTTP/0.9 request.
I wonder if I have to worry about something regarding my JNOS, filesystem integrity,
and/or even about possible virus broadcasting to other hosts from my system.
--
Regards, Marco Calistri <[EMAIL PROTECTED]>
AMPRNET: [EMAIL PROTECTED]
gpg key available on http://www.qsl.net/ik5bcu
--
A hacker does for love what others would not do for money.
_______________________________________________
Seawolf-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/seawolf-list
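
Added example, not part of the original post: one way to count, per source address, requests shaped like the one quoted in the message (a GET for /default.ida, a long run of one repeated filler letter, then %uXXXX-encoded words). The (source, request) record layout, the 64-character filler threshold and the sample records are assumptions constructed for illustration; they are not JNOS's log format.

```python
import re
from collections import Counter

# Shape of the request quoted in the post: /default.ida? followed by a long
# run of one repeated filler letter, then %uXXXX-encoded 16-bit words.
PROBE = re.compile(
    r"GET\s+/default\.ida\?(?P<fill>(?P<ch>[A-Za-z])(?P=ch){63,})(?P<tail>\S*)",
    re.IGNORECASE,
)
UWORD = re.compile(r"%u[0-9a-fA-F]{4}")


def classify(raw_request):
    """Return (filler_length, uword_count) for a probe-shaped request, else None."""
    # Logs and mail clients may wrap the long request; rejoin it first.
    flat = raw_request.replace("\r", "").replace("\n", "")
    m = PROBE.search(flat)
    if m is None:
        return None
    uwords = len(UWORD.findall(m.group("tail")))
    if uwords == 0:
        return None  # long query string but no encoded words: not this shape
    return len(m.group("fill")), uwords


def summarize(records):
    """Count probe-shaped requests per source for (source, raw_request) pairs."""
    hits = Counter()
    for source, raw in records:
        if classify(raw) is not None:
            hits[source] += 1
    return hits


# Constructed sample records (documentation addresses, shortened payloads).
SAMPLE = [
    ("192.0.2.10", "GET /default.ida?" + "X" * 224
     + "\n%u9090%u6858%ucbd3%u7801%u9090%\nu9090%u8190%u00c3=a HTTP/1.0"),
    ("192.0.2.10", "GET /default.ida?" + "N" * 224 + "%u9090%u6858=a HTTP/1.0"),
    ("198.51.100.7", "GET /index.html HTTP/1.0"),
    ("198.51.100.7", "GET /default.ida?XXXX HTTP/1.0"),  # too short to match
]

if __name__ == "__main__":
    for source, count in summarize(SAMPLE).items():
        print(f"{source}: {count} probe-shaped request(s)")
```

A hit only shows that such a request arrived; the server's own reply, such as the "Bad request" response quoted in the message, shows how it was handled.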