[40849] in North American Network Operators' Group
Re: resolved Re: should i publish a list of cracked machines?
daemon@ATHENA.MIT.EDU (Kevin Houle)
Thu Aug 23 13:42:22 2001
Date: Thu, 23 Aug 2001 13:41:42 -0400
From: Kevin Houle <kjh@cert.org>
To: Jim Mercer <jim@reptiles.org>, nanog@merit.edu
Message-ID: <29670000.998588502@corydoras.blue.cert.org>
In-Reply-To: <20010823123921.D10630@reptiles.org>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature";
boundary="==========876740887=========="
Errors-To: owner-nanog-outgoing@merit.edu
--==========876740887==========
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
--On Thursday, August 23, 2001 12:39:21 -0400 Jim Mercer <jim@reptiles.org> =
wrote:
> my suspicions and some things to look for:
>
> - boxes were comprimised using the buffer overflow in telnetd
> (speculation)
The CERT/CC is aware of some level of automated exploitation of
the recently described telnetd vulnerability. If folks have yet
to patch systems for that particular vulnerability, it would be
a good thing to spend time doing. We've seen it used to deploy
DDoS-capable tools, for example.
More info on the vulnerability at:
http://www.kb.cert.org/vuls/id/745371
Kevin
--==========876740887==========
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE7hUBau/NTC+XTbEkRAlwTAKCC74n5cY4kD6MUZV+96+c9ANJMFwCfVjr+
VqY9x9ZMlYARMPbZsPGeeLc=
=GJ0H
-----END PGP SIGNATURE-----
--==========876740887==========--
