[21584] in North American Network Operators' Group

Re: Exodus: this is bad

daemon@ATHENA.MIT.EDU (Edward S. Marshall)
Mon Nov 16 22:36:27 1998

Date: Mon, 16 Nov 1998 20:34:00 -0600 (CST)
From: "Edward S. Marshall" <emarshal@logic.net>
To: Richard Irving <rirving@onecall.net>
Cc: nanog@merit.edu
In-Reply-To: <3650D29F.CAC19A49@onecall.net>

On Mon, 16 Nov 1998, Richard Irving wrote:
>   This appears to be a concerted effort. This type of attack
> is propagating to new origin IPs by the hour. There seems to
> be a pattern forming....

Has anyone considered that this might be a worm?

The attacked hosts have all exhibited the same characteristics: stock Red
Hat 5.1 install, running (probably) the stock named that came with it,
which is a known vulnerable bind release. There are a -lot- of these boxen
out there.

Plus, the mechanical attacks on particular ports.

This sounds fairly automated to me...but hey, what do I know? ;-)

-- 
Edward S. Marshall <emarshal@logic.net> />  Who would have thought that we  -o)
http://www.logic.net/~emarshal/        // would be freed from the Gates of  /\\
Linux Weenie, Open-Source Advocate    </    hell by a penguin named "Tux"? _\_v
