[57559] in North American Network Operators' Group
nph-traceroute
daemon@ATHENA.MIT.EDU (Karyn Ulriksen)
Mon Apr 14 13:49:53 2003
From: Karyn Ulriksen <Karyn@Broadspire.com>
To: nanog@nanog.org
Date: Mon, 14 Apr 2003 10:45:49 -0700
Errors-To: owner-nanog-outgoing@merit.edu
Hi All,
I know that there are quite a few of you out there that are using the
nph-traceroute scripts on your servers. A script kiddie has discovered that
it's a vulnerable script and is actively search through Google for sites
that are using this. It's kind of stupid because he just has www
priveleges, but it has proved to be annoying. I know I should have plugged
mine a while back and had planned to, but you know... the cobbler's
children are barefoot and the shrink's wife is crazy.
If you need a handy regex for checking if your perl based nph-traceroute
or nph-ping is getting a domain or IP, let me know, I'll be happy to send it
your way. The guy didn't think twice about doing a rm -rf / on all the
website user/group content. Check your logs for quiet.unixman.org.
Karyn
