Firewall Wizards mailing list archives
Re: [Fwd: SANS Flash Alert For Solaris]
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Wed, 5 Jan 2000 13:08:08 -0600 (CST)
Since when does one need 'source' for a mere script? more script would satisfy me for sure... Thanks, Ron DuFresne On Tue, 4 Jan 2000, James Triplett wrote:
On Tue, Jan 04, 2000 at 03:08:49PM -0800, Peter J Dinauer wrote:The hunt is on . . . .Received: from SpoolDir by ROADRUNNER (Mercury 1.44); 4 Jan 00 13:10:19 pst8pdt If you have a lot of experience with software that is still a bit green, you could really make a contribution to the community by running and testing the scanning program. If you are less experienced you might want to delay a day or two. But don't delay long, the tool may have a short life span, as the attackers will begin to modify the trojan code to evade detection. Where to find the software: The host-based tool from NIPC may be found at: http://www.fbi.gov/nipc/trinoo.htmI suppose this is legit. However, they are asking us to run AS ROOT, some unknown executable on all our important systems. Goes against the most basic security procedures! No source provided, no way to ensure that this isn't just another trojan... (even the fbi.gov site could be hacked, and anyway how do they know what is in the executable?) James
-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior consultant: darkstar.sysinfo.com http://darkstar.sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too!
Current thread:
- [Fwd: SANS Flash Alert For Solaris] Peter J Dinauer (Jan 04)
- Re: [Fwd: SANS Flash Alert For Solaris] James Triplett (Jan 05)
- Re: [Fwd: SANS Flash Alert For Solaris] R. DuFresne (Jan 06)
- Re: [Fwd: SANS Flash Alert For Solaris] sedwards (Jan 06)
- Re: [Fwd: SANS Flash Alert For Solaris] R. DuFresne (Jan 06)
- Re: [Fwd: SANS Flash Alert For Solaris] spiff (Jan 06)
- Re: [Fwd: SANS Flash Alert For Solaris] James Triplett (Jan 05)