Security Incidents mailing list archives
Re: Probes to tcp 2766 ('System V Listner')
From: condor () SEKURE ORG (Thiago/c0nd0r)
Date: Fri, 28 Jan 2000 16:51:49 -0200
There's a buffer overflow in the nlps_server but only the x86 plataform is vulnerable to the attack, I guess. -condor
Over the last few days I have seen several probes to tcp port 2766 which various sources identify as 'System V Listner'. Yesterday some one probed all machines on our net with PRT record on this port. Does any one know anything about this service or why people are suddenly looking for systems that offer it?This is the Solaris Print Services port (NLPS). It is one of the ports routinely scanned by sscan, according to CERT (see http://www.cert.org/incident_notes/IN-99-01.html). There was some talk of a bof present in nlps_server through at least 2.5.1, but I'm not sure if it is/was widely exploited. RGF Robert G. Ferrell Internet Technologist National Business Center, US DoI Robert_G_Ferrell () nbc gov
Current thread:
- Re: Probes to tcp 2766 ('System V Listner') Robert G. Ferrell (Jan 27)
- source port 321 T.Esting (Jan 28)
- Re: source port 321 Robert Graham (Jan 28)
- Re: Probes to tcp 2766 ('System V Listner') Thiago/c0nd0r (Jan 28)
- source port 321 T.Esting (Jan 28)