Security Incidents mailing list archives

Re: solaris lpd, KARMAPOLICE?


From: Ken K <ken () kirchoff com>
Date: Wed, 29 Aug 2001 16:22:22 -0400

Considering that there's an exploit big enough to drive a truck through for LPD on Solaris, you might want to check to see if the version that you have is vulnerable. LPD is really bad to run on the net and the recent vulnerability could be your problem.

Hope your server was 1.) In a DMZ, 2.) Has tripwire and can tell you what changed. Otherwise, I would be _very_ wary.

You should consider some kind of authenticated tunnel or such. Maybe stunnel will work for you on a high to deflect some of the risk.

--Ken

Ricky Vludmore wrote:

I have a SunOS 5.8 system with a printer attached to it (used to service print requests on my company's network). It's a fairly busy printer. It's accessible via the Internet, with reason. Yesterday I went to investigate why a large batch of jobs had frozen. I discovered that they had been erased. Strange considering that nobody else has access to this machine and I haven't seen it happen before. I snooped around and noticed some very strange activity, namely what appeared to be signs of an intrusion- idle shell processes and other abnormalities. Not thinking, I pulled the plug :-(

The only indication of an intrusion now is a log file that shows someone requesting a print request to or from a "KARMAPOLICE" printer/server which I don't recognize at all. Ring any bells?




----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com





