solaris hack info required

["Mark Hollow" <mhollow () commercenti com>]

Hi,

Any help you can give me would be appreciated.

I've a Sun Netra X1 (Solaris 8) with a /var/adm/messages file full of these
messages at frequent but irregular intervals (approx every 5-10 seconds for
several hours).

Jun 24 03:43:02 jim bsd-gw[13276]: [ID 315218 lpr.error] Invalid protocol r
equest (66):
BBBXXXXXXXXXXXXXXXXXX%.156u%300$n%.21u%301$nsecurity%302$n%.192u%30
3$n111F1f1C]C]KMM1ECf]fE'MEEEMCCC1?A^u1FEMU/bin/sh
Jun 24 03:43:03 jim bsd-gw[13277]: [ID 315218 lpr.error] Invalid protocol r
equest (66):
BBB()*+XXXXXXXXXXXXXXXXXX%.232u%300$n%.199u%301$nsecurity.i%302$n%.
192u%303$n111F1f1C]C]KMM1ECf]fE'MEEEMCCC1?A^u1FEMU/bin/sh
Jun 24 03:43:03 jim bsd-gw[13278]: [ID 315218 lpr.error] Invalid protocol r
equest (66):
BBBHIJKXXXXXXXXXXXXXXXXXXsecurity%300$n%.167u%301$nsecurity.i%302$n
%.192u%303$n111F1f1C]C]KMM1ECf]fE'MEEEMCCC1?A^u1FEMU/bin/sh
Jun 24 03:43:03 jim bsd-gw[13279]: [ID 315218 lpr.error] Invalid protocol r
equest (66):
BBBXXXXXXXXXXXXXXXXXX%.136u%300$n%.41u%301$nsecurity%302$n%.192u%30
3$n111F1f1C]C]KMM1ECf]fE'MEEEMCCC1?A^u1FEMU/bin/sh
Jun 24 03:43:04 jim bsd-gw[13280]: [ID 315218 lpr.error] Invalid protocol r
equest (66):
BBBXXXXXXXXXXXXXXXXXX%.72u%300$n%.106u%301$nsecurit%302$n%.192u%303
$n111F1f1C]C]KMM1ECf]fE'MEEEMCCC1?A^u1FEMU/bin/sh

Do any of you recognise this? If so, what should I be looking for to see if
the hack was successful?

TIA,
Mark



----------------------------------------------------------------------------


This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see:

http://aris.securityfocus.com