[Wolves] whats this?
Steve Parkes
sparkes at westmids.biz
Wed Oct 19 07:56:21 BST 2005
roundyz wrote:
>
> Attempts to use 1 known hacks were logged 8 time(s)
> \\x90\\x90\\x90\\x90 by
> 82.37.228.35 2 time(s)
> 82.37.79.29 2 time(s)
> 82.37.226.46 2 time(s)
> 82.37.193.73 2 time(s)
>
I didn't notice this bit first time.
it's a buffer overflow attempt. The x90 instruction is noop (no
operation) in x86 and it's a slide it keeps nooping through the
instructions until it hits paydirt at the end the shell code exploit.
Read 'smashing the stack for fun and profit' for a quick run down on how
these work.
This is probably a naughty bot looking for servers to exploit. If you
are up to date it's nothing to worry about.
I have (to the best of my knowledge) ever been caught out by one of
these exploits on a web server as most of them exploit eons old code.
sparkes
More information about the Wolves
mailing list