Re: [Fwd: SANS Flash Alert For Solaris]

["R. DuFresne" <dufresne () sysinfo com>]

I believe that in the wild solaris and linux have been the most common
systems exploited, and solaris is the #1 platform that has been seen to be
compromised and used to DOS other systems, thus the solaris binaries...

Thanks,

Ron DuFresne

On Wed, 5 Jan 2000 sedwards () sedwards com wrote:

> On Tue, 4 Jan 2000, James Triplett wrote:
>
> > > Where to find the software:
> > >
> > > The host-based tool from NIPC may be found at:
> > > http://www.fbi.gov/nipc/trinoo.htm
> >
> > I suppose this is legit.  However, they are asking us to run
> > AS ROOT, some unknown executable on all our important systems.
> > Goes against the most basic security procedures!
> >
> > No source provided, no way to ensure that this isn't just another trojan...
> > (even the fbi.gov site could be hacked, and anyway how do they know what
> > is in the executable?)
> >
> > James
>
> Running strings on the executable prints out stuff that looks a lot like
> the attack client/server. Did they use the source to create their tool?
>
> This made me anxious enough to wait for a while to see if somebody posted
> a warning...
>
> Also, why no i386 executables or even a mention that the executables they
> provided were only for SPARC?
>
>
> Thanks in advance,
> ------------------------------------------------------------------------
> Steve Edwards      sedwards () sedwards com      Voice: +1-760-723-2727 PST
> Newline            Pager: +1-888-478-5085           Fax: +1-760-731-3000

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior consultant:  darkstar.sysinfo.com
                  http://darkstar.sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!