Security Incidents mailing list archives

Re: Cracked by the Brazilians

From: mrseth () PHYSICS GMU EDU (Seth Milder)
Date: Fri, 31 Mar 2000 01:19:00 -0500


Robert Graham wrote:


Message begins: "My Server runs Bind-8.2"
Message queries: "How did they get in?"
Answer:
http://www.securityfocus.com/bid/788.html


I swore that I had updated BIND on all my machines. I did...except for
that one.

It is also extremely dangerous to expose PostgreSQL, NFS, and NIS to the
Internet. You should probably reconsider that.


Is there any better alternatives to NFS? What about keeping a
restrictive securenets file for NIS? Is NIS so bad that there is nothing
that can be done with it? I also need to run some sort of database. The
postgres account was locked. I did not think that was an issue. I was
only using it through Java servlets via the JDBC driver. Sorry if I am
clueless, but I am no CS guy and the only reason I am an admin is
because I am the least worst person in the department for the job as
they cannot afford a real one. I would like to thank everyone for their
comments and any clues that they can impart to me are always welcome.

Thanks again,

Seth

P.S. If I disable all the IPMASQ modules except for ftp, does this buy
me anything security-wise?

Current thread:

Re: Dramatic increase in UDP Port 137 (NetBIOS Name Service)probeactivity, (continued)
- - - Re: Dramatic increase in UDP Port 137 (NetBIOS Name Service)probeactivity Bill Pennington (Mar 29)
    - Re: 169.254.x.x (Dramatic increase in UDP Port 137 (NetBIOS Name Service) probe activity) Pavel Kankovsky (Mar 29)
    - Re: 169.254.x.x (Dramatic increase in UDP Port 137 (NetBIOS Name Service) probe activity) Joshua Krage (Mar 29)
    - Re: 169.254.x.x (Dramatic increase in UDP Port 137 (NetBIOS Name Service) probe activity) Greg A. Woods (Mar 29)
    - Re: 169.254.x.x Robert Graham (Mar 29)
    - Re: 169.254.x.x Pavel Kankovsky (Mar 30)
    - Cracked by the Brazilians Seth Milder (Mar 30)
    - Re: Cracked by the Brazilians Michael Damm (Mar 30)
    - Re: Cracked by the Brazilians Seth Milder (Mar 30)
    - Re: Cracked by the Brazilians Robert Graham (Mar 30)
    - Re: Cracked by the Brazilians Seth Milder (Mar 30)
    - Re: Cracked by the Brazilians Michael H. Warfield (Mar 30)
    - Re: Cracked by the Brazilians Omachonu Ogali (Mar 30)
    - Re: Cracked by the Brazilians Blaise St-Laurent (Mar 30)
    - Re: Cracked by the Brazilians Ralf Spenneberg (Mar 30)
    - Re: Cracked by the Brazilians Seth Milder (Mar 30)
    - link-local IPs (Was "Re: 169.254.x.x (Dramatic increase in UDP Port 137 (NetBIOS Name Service) probe activity)") Richard Johnson (Mar 30)
    - unapproved queries for "aol.com" Francis A. Vidal (Mar 26)
    - Linux-box hacked, ls, ps, login modified Frank Derichsweiler (Mar 22)
    - Re: Linux-box hacked, ls, ps, login modified Rick Tait (Mar 22)
    - Re: Linux-box hacked, ls, ps, login modified Granquist, Lamont (Mar 24)

(Thread continues...)