[Snort-users] RE: 515/tcp scans on the rise
PatrickP at ...820...
Mon Nov 20 12:27:39 EST 2000
I had been showing a bunch of these scans also.
But upon further inspection it seems to be the looking for this
WinCom LPD Dos attack for some of the machines I have shown scans for.
From: bel1 at ...358... [mailto:bel1 at ...358...]
Sent: Monday, November 20, 2000 12:15 PM
To: cec at ...68...; snort-users at lists.sourceforge.net; dr at ...381...
Subject: Re: [Snort-users] RE: 515/tcp scans on the rise
about 4 or 5 months ago there was a couple of printer
buffer overflow reported for Solaris 2.6, 7 &
I think 8, which required a printer server on
the network of the box to be exploited. Named
lpset & netpr. They give root priveledge.
I downloaded the c code and tested. It works
against 2.6 with kernel patch levels less than
105181-21, and 2.7 below 106541-12. Don't know
the patch level for 2.8 but if you have the latest
patch level you are safe from those 2 exploits.
They work by bouncing a packet off of the print
server back to the system to be exploited.
Could be a new one tho.
Snort-users mailing list
Snort-users at lists.sourceforge.net
More information about the Snort-users