Security Incidents mailing list archives
Re: Anybody recognize this Solaris compromise?
From: Axel Pettinger <api () worldonline de>
Date: Fri, 13 Apr 2007 23:30:15 +0200
David Gillett wrote:
I've got a Solaris machine on my network that has acquired an unauthorized behaviour of unknown origin. Every night, from 1:10:30am until 6:00:30am, it tries to establish outbound telnet connections to addresses all over the Internet.
"Telnet" and "01:10am", this looks like the following worm:

Solaris Telnet Scanning Possible Worm?
http://asert.arbornetworks.com/2007/02/solaris-telnet-scanning-possible-worm/

Solaris Telnet Worm
http://www.symantec.com/enterprise/security_response/weblog/2007/02/solaris_telnet_worm.html

Security Vulnerability in the in.telnetd(1M) Daemon May Allow Unauthorized Remote Users to Gain Access to a Solaris Host
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102802-1

Solaris.Wanuk.Worm
http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2007-022810-3637-99

Solaris.Wanukdoor
http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2007-022810-0202-99

SunOS/Wanukdoor
http://vil.nai.com/vil/content/v_141604.htm

Regards,
Axel Pettinger