[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <Pine.GSO.4.43.0401051408590.15264-100000@tundra.winternet.com>
From: dufresne at winternet.com (Ron DuFresne)
Subject: Patched Solaris Boxes being Hacked??
Any system this day in age to get hacked via finger, rpc and/or ftp can
not be considered to have been patched nor secured in any real manner,
thus these were exposed systems without security measures in place, and as
susceptable <almost> as any default widowns system one just got for x-mas
and exposed without patches and anti-viri software and secureity measures
taken to lock them down.
Thanks,
Ron DuFresne
On Mon, 5 Jan 2004, Compton, Rich wrote:
> Anyone out there have more information on ISC's reports of patched Solaris
> boxes being compromised? Here's the quote from the Incident Handler's Diary
> for today:
>
> "Solaris 8 Hacks. We've received a few reports of significant intrusions
> into networks of patched Solaris 8 machines. Initial analysis indicates what
> appears to be a multi-vector attack, using finger, rpcbind, and ftp. In one
> network, the systems that got broken into did not have tcpwrappers installed
> nor did they have the rpcbind from Wietse Venema and Casper Dik that has
> tcpwrapper support. However, there were Solaris 8 systems in the same
> machine room that are behind on patches, but have tcp wrappers installed and
> they were not broken into. If there have been other cases of similar
> intrusions in the past few days, the Storm Center would like to hear about
> it."
>
> -Rich Compton
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
Powered by blists - more mailing lists