Soo look what I find in my CUPS log...

NickK · 21 Feb 2010 at 17:03

E [13/Feb/2010:10:27:13 +0000] Request for non-absolute resource "/../../../../../../../etc/passwd"!
E [13/Feb/2010:10:27:13 +0000] Unable to encrypt connection from localhost - SSL protocol error (-9800)
E [13/Feb/2010:10:27:13 +0000] cupsdAuthorize: pam_authenticate() returned 9 (authentication error)!
E [13/Feb/2010:10:27:13 +0000] cupsdAuthorize: pam_authenticate() returned 9 (authentication error)!
E [13/Feb/2010:10:27:13 +0000] Unable to encrypt connection from localhost - SSL protocol error (-9800)
E [13/Feb/2010:10:27:13 +0000] Bad URI "CONNECT/0.6" in request!
E [13/Feb/2010:10:27:13 +0000] Bad URI "CONNECT/0.4" in request!
E [13/Feb/2010:10:27:13 +0000] Bad URI "." in request!
E [13/Feb/2010:10:27:26 +0000] Unable to encrypt connection from localhost - SSL protocol error (-9800)
E [13/Feb/2010:10:27:26 +0000] Unable to encrypt connection from localhost - SSL protocol error (-9800)
E [13/Feb/2010:10:27:26 +0000] Unable to encrypt connection from localhost - SSL protocol error (-9800)
E [13/Feb/2010:10:27:26 +0000] Unable to encrypt connection from localhost - SSL protocol error (-9800)
E [13/Feb/2010:10:27:26 +0000] Unable to encrypt connection from localhost - SSL protocol error (-9800)
E [13/Feb/2010:10:27:26 +0000] Unable to encrypt connection from localhost - SSL protocol error (-9800)
E [13/Feb/2010:10:27:26 +0000] Unable to encrypt connection from localhost - SSL protocol error (-9800)
E [13/Feb/2010:10:27:26 +0000] Unable to encrypt connection from localhost - SSL protocol error (-9800)
E [13/Feb/2010:10:27:27 +0000] cupsdAuthorize: pam_authenticate() returned 9 (authentication error)!
E [13/Feb/2010:10:27:27 +0000] Bad URI "..\..\..\..\..\..\windows\win.ini" in request!
E [13/Feb/2010:10:27:27 +0000] Bad URI "..\..\..\..\..\..\winnt\win.ini" in request!
E [13/Feb/2010:10:27:27 +0000] Request for non-absolute resource "//../../../../../../windows/win.ini"!
E [13/Feb/2010:10:27:27 +0000] Request for non-absolute resource "//../../../../../../winnt/win.ini"!
E [13/Feb/2010:10:27:27 +0000] Request for non-absolute resource "/../../../../../windows/win.ini"!
E [13/Feb/2010:10:27:27 +0000] Request for non-absolute resource "/../../../../../winnt/win.ini"!
E [13/Feb/2010:10:27:27 +0000] Request for non-absolute resource "/././././././../../../../../windows/win.ini"!
E [13/Feb/2010:10:27:27 +0000] Request for non-absolute resource "/././././././../../../../../winnt/win.ini"!
E [13/Feb/2010:10:27:27 +0000] Bad URI ".\.\.\.\.\.\.\.\.\.\/windows/win.ini" in request!
E [13/Feb/2010:10:27:27 +0000] Bad URI ".\.\.\.\.\.\.\.\.\.\/winnt/win.ini" in request!
E [13/Feb/2010:10:27:27 +0000] Request for non-absolute resource "/scripts/fake.cgi?arg=/dir/../../../../../../../../../../../windows/win.ini"!
E [13/Feb/2010:10:27:27 +0000] Request for non-absolute resource "/scripts/fake.cgi?arg=/dir/../../../../../../../../../../../winnt/win.ini"!
E [13/Feb/2010:10:27:27 +0000] Bad URI "../../../../../../etc/passwd" in request!
E [13/Feb/2010:10:27:27 +0000] Request for non-absolute resource "/../../../../../../../../../etc/passwd"!
E [13/Feb/2010:10:27:27 +0000] Bad URI "//../../../../../../../../../etc/passwd" in request!
E [13/Feb/2010:10:27:27 +0000] Request for non-absolute resource "/../../../../../etc/passwd"!
E [13/Feb/2010:10:27:27 +0000] Request for non-absolute resource "/././././././../../../../../etc/passwd"!
E [13/Feb/2010:10:27:27 +0000] Request for non-absolute resource "/scripts/fake.cgi?arg=/dir/../../../../../../etc/passwd"!
E [13/Feb/2010:10:27:28 +0000] Bad URI "%." in request!
E [13/Feb/2010:10:27:28 +0000] Bad URI "<script>document.cookie=%22testmadz=6576;%22</script>" in request!
E [13/Feb/2010:10:27:28 +0000] Bad URI "<meta%20http-equiv=Set-Cookie%20content=%22testmadz=6576%22>" in request!
E [13/Feb/2010:10:27:28 +0000] Bad URI "//BtZnN3WN.asp" in request!
E [13/Feb/2010:10:27:28 +0000] Bad URI "c:\boot.ini" in request!
E [13/Feb/2010:10:27:29 +0000] Bad URI "<script>cross_site_scripting.nasl</script>" in request!
E [13/Feb/2010:10:27:29 +0000] Bad URI "<IMG%20SRC="javascript:alert(cross_site_scripting.nasl);">" in request!
E [13/Feb/2010:10:27:34 +0000] Request for non-absolute resource "/note.txt?F_notini=&T_note=&nomentreprise=blah&filenote=../../windows/win.ini"!
E [13/Feb/2010:10:27:34 +0000] Request for non-absolute resource "/note.txt?F_notini=&T_note=&nomentreprise=blah&filenote=../../winnt/win.ini"!

Hmmm, time to disable CUPS too

Nessus

PardonTheWait · 21 Feb 2010 at 17:14

That means absolutely nothing to me, possibly less.

Explain?

Hotwired · 21 Feb 2010 at 17:35

It's not meant to be mumbling about windows stuff?

NickK · 21 Feb 2010 at 18:11

PardonTheWait said:
That means absolutely nothing to me, possibly less.

Explain?

All those are effort by Nessus (which I remembered I pointed to this machine at one point) but they're automated hacking attempts on the CUPS webserver port.

The win.ini and passwd etc are all attempts to gain access to system files.

PardonTheWait · 21 Feb 2010 at 20:21

They're trying to hack the machine because it thinks it's a Windows box?

NickK · 21 Feb 2010 at 20:39

PardonTheWait said:
They're trying to hack the machine because it thinks it's a Windows box?

Initially that what I thought - then I remembered I ran nessus against it. Nessus is an automated security tool which attempts known ways of hacking hence both the ini (windows) and passwd (unix) attempts.

Feek · 21 Feb 2010 at 20:40

So you were hacking yourself and didn't realise it?

/me giggles