From: "Henning P. Schmiedehausen" <mailgate@hometree.net>
To: linux-kernel@vger.kernel.org
Subject: Re: TRG vger.timpanogas.org hacked
Date: Tue, 5 Jun 2001 13:07:05 +0000 (UTC) [thread overview]
Message-ID: <9filhp$hj$1@forge.intermeta.de> (raw)
In-Reply-To: <20010604183642.A855@vger.timpanogas.org>
"Jeff V. Merkey" <jmerkey@vger.timpanogas.org> writes:
>is curious as to how these folks did this. They exploited BIND 8.2.3
Look below.
>to get in and logs indicated that someone was using a "back door" in
>Novell's NetWare proxy caches to perform the attack (since several
>different servers were used as "blinds" to get in).
There is AFAIK no known exploit to BIND 8.2.3 and I don't see why
anyone should use a "novell Netcache backdoor". If I'd want to hack
your box, I would use this:
% telnet vger.timpanogas.com 22
Trying 207.109.151.240...
Connected to vger.timpanogas.com.
Escape character is '^]'.
SSH-1.5-1.2.27
^]
telnet> quit
Well known exploits downloadable at any of the better hacking sites.
>We are unable to determine just how they got in exactly, but they
>kept trying and created an oops in the affected code which allowed
>the attack to proceed.
Come on, you can't be _that_ blind. Either you didn't install all your
vendor recommended updates or you installed self rolled programs and
got caught.
You even get connects on the telnet port (no daemon, though), so you
either have a hosts.allow (which _is_ spoofable) or a non-cleaned up
[x]inetd.conf which means you didn't harden your box for Internet
usage.
If you don't prepare your box for a hostile environment, you get
hit. First law of the Internet.
Regards
Henning
--
Dipl.-Inf. (Univ.) Henning P. Schmiedehausen -- Geschaeftsfuehrer
INTERMETA - Gesellschaft fuer Mehrwertdienste mbH hps@intermeta.de
Am Schwabachgrund 22 Fon.: 09131 / 50654-0 info@intermeta.de
D-91054 Buckenhof Fax.: 09131 / 50654-20
next prev parent reply other threads:[~2001-06-05 13:07 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-06-05 1:36 TRG vger.timpanogas.org hacked Jeff V. Merkey
2001-06-05 7:05 ` Alan Cox
2001-06-05 10:14 ` Daniel Roesen
2001-06-05 14:10 ` Michael H. Warfield
2001-06-05 18:30 ` Jeff V. Merkey
2001-06-05 18:42 ` Michael H. Warfield
2001-06-05 13:07 ` Henning P. Schmiedehausen [this message]
2001-06-05 13:41 ` Daniel Roesen
-- strict thread matches above, loose matches on Subject: below --
2001-06-05 10:33 Randal, Phil
2001-06-05 11:07 ` Matti Aarnio
2001-06-05 17:19 ` Brian Wellington
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='9filhp$hj$1@forge.intermeta.de' \
--to=mailgate@hometree.net \
--cc=hps@intermeta.de \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox