nanog mailing list archives

Re: OT: Earthlink Contact - Important Root Hacked

From: Valdis.Kletnieks () vt edu
Date: Fri, 07 Jul 2000 15:55:43 -0400

On Fri, 07 Jul 2000 12:46:12 PDT, "K. Graham" <kgraham () ican net>  said:

This exploit was used on us and we would like to remove any likelihood
of others being compromised.   The exploit is in the hands of the people
at rootshell.


Umm.. is this a *new* exploit that the rootshell people have been given, but
isn't in general circulation yet?

If it's already available at rootshell, you should assume that every script
kiddie on the planet has a copy, and start patching your systems.  Unless
you've been VERY lucky and are one of the first dozen or so machines to have
been targeted by a brand-new exploit, removing the copy that's at earthlink
is just urinating into the wind.

Note - this is *NOT* saying that the Earthlink machine doesn't need cleaning
up - just that the *exploit* is almost certainly widespread enough that removal
of the one copy won't change the fact it's out there and will be used on others.

-- 
                                Valdis Kletnieks
                                Operating Systems Analyst
                                Virginia Tech

Attachment: _bin
Description:

Current thread:

OT: Earthlink Contact - Important Root Hacked K. Graham (Jul 07)
- Re: OT: Earthlink Contact - Important Root Hacked Valdis . Kletnieks (Jul 07)
  - Re: OT: Earthlink Contact - Important Root Hacked K. Graham (Jul 07)
- Re: OT: Earthlink Contact - Important Root Hacked Shawn McMahon (Jul 07)