[707] in Intrusion Detection Systems
Re: rootkit and other bits'n'pieces.
daemon@ATHENA.MIT.EDU (brian)
Fri Jul 5 15:44:15 1996
Date: Mon, 01 Jul 1996 04:09:23 -0500
From: brian <brianc@telepath.com>
To: ids@uow.edu.au
Reply-To: ids@uow.edu.au
Paul Danckaert wrote:
> We have seen quite an increase in web-related attacks, specifically
> trying to exploit cgi's with %0a (newline) characters, trying to grab
> password files, and run other commands. I would recommend grep'ing
> through some of your web server logs looking for passwd, %0a, %0A, and
> things like that. Just in the last few weeks these attacks have
> increased to the point of several a week.
no kidding.. let me say this, i used to dabble in hacking/cracking or
whatever you want to name it today.. now i do freelance network
security consulting, to whoever will take the advice.. i've personally
found over 1500 sites that have the cgi bug that lets you grab the
password files, and of those 1500 hundred, i can safely say, at least
half no longer have the bug. the sysadmin community needs to keep a
closer eye on their log files, advisories, and these mailing lists.
sure it seems like a hassle, but what is the bigger hassle? cleaning
your mailbox, or starting your system over from scratch??
brianc@telepath.com
demented enterprises, ltd.
consulting at it's finest
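
The log check recommended in the quoted message, written out as an added example that is not part of the original thread. It assumes an NCSA Common Log Format access log; the sample log lines, client addresses and CGI script names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): triage an NCSA Common Log
# Format access log for the indicators named in the thread: "passwd" and
# an encoded newline (%0a / %0A) in the request line.

# Constructed sample log; addresses are documentation ranges and the CGI
# script names are hypothetical.
sample_log() {
cat <<'EOF'
192.0.2.10 - - [01/Jul/1996:04:01:12 -0500] "GET /index.html HTTP/1.0" 200 1043
198.51.100.7 - - [01/Jul/1996:04:02:40 -0500] "GET /cgi-bin/example.cgi?q=a%0ab HTTP/1.0" 200 512
198.51.100.7 - - [01/Jul/1996:04:02:55 -0500] "GET /cgi-bin/example.cgi?q=a%0Ab&f=/etc/passwd HTTP/1.0" 200 733
203.0.113.5 - - [01/Jul/1996:04:05:09 -0500] "GET /cgi-bin/example.cgi?f=/etc/passwd HTTP/1.0" 404 180
192.0.2.10 - - [01/Jul/1996:04:06:30 -0500] "POST /cgi-bin/form.cgi HTTP/1.0" 200 88
EOF
}

# Print "client<TAB>indicator<TAB>request" for every suspicious request.
# Reads the named log files, or standard input when none are given.
scan_log() {
    awk '{
        # The request line is the first double-quoted field of the entry.
        if (split($0, q, "\"") < 3) next
        req = q[2]; low = tolower(req); tag = ""
        # Lower-casing first means %0a and %0A are caught by one test.
        if (index(low, "%0a")) tag = "encoded-newline"
        if (index(low, "passwd")) tag = (tag == "" ? "passwd" : tag "+passwd")
        if (tag != "") printf "%s\t%s\t%s\n", $1, tag, req
    }' "$@"
}

# Count flagged requests per client, busiest first, to show who is probing.
hits_per_client() {
    scan_log "$@" | cut -f1 | sort | uniq -c | sort -rn
}

# Stand-alone run over the constructed sample.
sample_log | scan_log
```

A hit only means the request deserves a look: check the status code and the CGI's behaviour before concluding anything was disclosed.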