Security Incidents mailing list archives
Re: rooted by r0x - from address 212.177.241.127
From: RSMAGILL () A1 NLHC NF CA (Rick Magill)
Date: Thu, 30 Mar 2000 22:51:09 -0330
Only a few updates applied... Was named one of them?
The version of named that shipped with 6.1 was vulnerable and an
announcement/updated rpm was issued in the Nov/Dec 99 timeframe.
Rick
Subject: Re: rooted by r0x - from address 212.177.241.127
> >From my named/bind default directory:
> drwxr-xr-x 2 root root 1024 Mar 28 12:05 ADMROCKS
I had the exact same thing happen to one of my machines on March 25. How
many people have been hit by this? The only services running on the hacked
machine were ssh and named however.. so I'm not 100% convinced it's bind.
The machine was running RedHat 6.1 with only a few updates installed at the
time.
-Ethan
Current thread:
- Re: Curious HTTP related probings., (continued)
- Re: Curious HTTP related probings. Erik Fichtner (Mar 22)
- Re: Curious HTTP related probings. Russell Fulton (Mar 22)
- [Fwd: [fw-wiz] Specious network performance measurements.] horio shoichi (Mar 22)
- Re: 8 hours of pinging Scott Wunsch (Mar 22)
- Re: 8 hours of pinging Robert Graham (Mar 22)
- Re: 8 hours of pinging Rainer Freis (Mar 27)
- Re: 8 hours of pinging Ed Padin (Mar 28)
- Re: 8 hours of pinging Dragos Ruiu (Mar 29)
- rooted by r0x - from address 212.177.241.127 Dwight Schauer (Mar 29)
- Re: rooted by r0x - from address 212.177.241.127 Ethan King (Mar 29)
- Re: rooted by r0x - from address 212.177.241.127 Rick Magill (Mar 30)
- sendmail/identd attack Guido A.J. Stevens (Mar 30)
- Re: rooted by r0x - from address 212.177.241.127 Ryan Russell (Mar 29)
- UDP port 9200 Bobby, Paul (Mar 30)
- Re: UDP port 9200 Robert Graham (Mar 30)
- Re: UDP port 9200 Joey McAlerney (Mar 30)
- Re: rooted by r0x - from address 212.177.241.127 Jens Hektor (Mar 31)
- Re: 8 hours of pinging Robert Kulagowski (Mar 29)