Security Incidents mailing list archives
Re: Cracked by the Brazilians
From: spenneb () UNI-MUENSTER DE (Ralf Spenneberg)
Date: Fri, 31 Mar 2000 08:00:17 +0200
Hi!

Are you sure that your bind is just listening to the private ethernet card? The ADMROCKS Attack is quite famous. There were at least three vulnerabilities in bind 8.2 last year. They might not have made it to the 6.0 updates directory, because 6.1 was the active distribution. And yes, that one had several bind updates.

Cheers,
Ralf

From: Seth Milder <mrseth () PHYSICS GMU EDU>
Reply-To: Seth Milder <mrseth () PHYSICS GMU EDU>
Date: Thu, 30 Mar 2000 13:22:56 -0500
To: INCIDENTS () SECURITYFOCUS COM
Subject: Cracked by the Brazilians

Hi. I am running a Linux server that is running RH 6.0. I have implemented TCP wrappers, portsentry, logcheck and religiously applied any patches as soon as possible. Still, I get cracked. My server runs Bind-8.2 (caching nameserver only, which is bound to an ethernet card with private addresses), PostgreSQL, NFS, ssh2 (no root login allowed), ipop3d, and NIS. It also serves as an IP MASQ server for a computer lab through a second ethernet card.

I found the usual BitchX stuff along with the package bscan.tar which contains:

I guess this may have something to do with this:

[root@physics ADMROCKS]# pwd
/var/named/ADMROCKS