| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: loonux at rediffmail.com (jakob donivan)
Subject: Large-scale (spoofed?) tftp scan from 216.154.203.169
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040715/edaa243b/attachment.html
-------------- next part --------------
We are presently witnessing a seemingly large number of addresses in
the 66.* network address range receiving tfp GET requests from
216.154.203.169. The requests are all similar to the following:
07/15-08:33:58.586343 216.154.203.169:41820 -> 66.xx.xx.xx:69
UDP TTL:237 TOS:0x0 ID:29801 IpLen:20 DgmLen:54
Len: 26
00 01 2F 2E 2E 2F 65 74 63 2F 70 61 73 73 77 64 ../../etc/passwd
00 6E 65 74 61 73 63 69 69 00 .netascii.
The source address resolves back to:
MyNetWatchman, LLC EDEL-203-168-29 (NET-216-154-203-168-1)
216.154.203.168 - 216.154.203.175
Given the nature of the scan I suspect that the source address is spoofed.
L
Powered by blists - more mailing lists