From: loonux at rediffmail.com (jakob donivan)
Subject: Large-scale (spoofed?) tftp scan from 216.154.203.169

We are presently witnessing a seemingly large number of addresses in the 66.* network address range receiving tftp GET requests from 216.154.203.169. The requests are all similar to the following:

07/15-08:33:58.586343 216.154.203.169:41820 -> 66.xx.xx.xx:69
UDP TTL:237 TOS:0x0 ID:29801 IpLen:20 DgmLen:54
Len: 26
00 01 2F 2E 2E 2F 65 74 63 2F 70 61 73 73 77 64  ../../etc/passwd
00 6E 65 74 61 73 63 69 69 00                    .netascii.

The source address resolves back to:

MyNetWatchman, LLC EDEL-203-168-29 (NET-216-154-203-168-1)
216.154.203.168 - 216.154.203.175

Given the nature of the scan I suspect that the source address is spoofed.

L
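
Added example, not part of the original post: a decoder for the 26-byte UDP payload in the dump above, with a triage check of the kind a sensor or TFTP front end could apply to read/write requests. The function names and the SENSITIVE list are assumptions made for this illustration; the request layout is the RRQ/WRQ format from RFC 1350.

```python
import posixpath
import struct

# Payload bytes copied from the Snort dump in the post (Len: 26).
CAPTURED = bytes.fromhex(
    "00 01 2F 2E 2E 2F 65 74 63 2F 70 61 73 73 77 64 "
    "00 6E 65 74 61 73 63 69 69 00"
)

OPCODES = {1: "RRQ", 2: "WRQ"}                 # RFC 1350 request opcodes
SENSITIVE = {"/etc/passwd", "/etc/shadow"}     # assumed watch list


def parse_request(payload):
    """Split an RRQ/WRQ into (opcode name, filename, mode).

    Layout: 2-byte big-endian opcode, filename, NUL, mode, NUL.
    """
    if len(payload) < 4 or payload[-1:] != b"\x00":
        raise ValueError("truncated or unterminated request")
    (opcode,) = struct.unpack("!H", payload[:2])
    if opcode not in OPCODES:
        raise ValueError("not a read/write request")
    fields = payload[2:].split(b"\x00")
    if len(fields) < 3:
        raise ValueError("missing filename or mode")
    filename = fields[0].decode("ascii", "replace")
    mode = fields[1].decode("ascii", "replace").lower()
    return OPCODES[opcode], filename, mode


def assess(payload):
    """Return (op, filename, mode, reasons) for one request payload."""
    op, filename, mode = parse_request(payload)
    norm = filename.replace("\\", "/")
    reasons = []
    if ".." in norm.split("/"):
        reasons.append("traversal")
    if norm.startswith("/"):
        reasons.append("absolute-path")
    # Resolve the name as a server without a chroot would see it.
    if posixpath.normpath("/" + norm.lstrip("/")) in SENSITIVE:
        reasons.append("sensitive-file")
    return op, filename, mode, reasons


if __name__ == "__main__":
    print(assess(CAPTURED))
```

The decoded filename is /../etc/passwd: the first two dots in Snort's ASCII column are the non-printable opcode bytes 00 01, not part of the path.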