nanog mailing list archives
Re: OT: Earthlink Contact - Important Root Hacked
From: Valdis.Kletnieks () vt edu
Date: Fri, 07 Jul 2000 15:55:43 -0400
On Fri, 07 Jul 2000 12:46:12 PDT, "K. Graham" <kgraham () ican net> said:
This exploit was used on us and we would like to remove any likelihood of others being compromised. The exploit is in the hands of the people at rootshell.
Umm.. is this a *new* exploit that the rootshell people have been given, but isn't in general circulation yet? If it's already available at rootshell, you should assume that every script kiddie on the planet has a copy, and start patching your systems. Unless you've been VERY lucky and are one of the first dozen or so machines to have been targeted by a brand-new exploit, removing the copy that's at earthlink is just urinating into the wind. Note - this is *NOT* saying that the Earthlink machine doesn't need cleaning up - just that the *exploit* is almost certainly widespread enough that removal of the one copy won't change the fact it's out there and will be used on others. -- Valdis Kletnieks Operating Systems Analyst Virginia Tech
Attachment:
_bin
Description:
Current thread:
- OT: Earthlink Contact - Important Root Hacked K. Graham (Jul 07)
- Re: OT: Earthlink Contact - Important Root Hacked Valdis . Kletnieks (Jul 07)
- Re: OT: Earthlink Contact - Important Root Hacked K. Graham (Jul 07)
- Re: OT: Earthlink Contact - Important Root Hacked Shawn McMahon (Jul 07)
- Re: OT: Earthlink Contact - Important Root Hacked Valdis . Kletnieks (Jul 07)