Snort mailing list archives
News of tcpdump and libcap hacks
From: "Gregory W. Ratcliff" <nz8r () att net>
Date: Sat, 16 Nov 2002 01:23:32 -0500
Snort Users, Be careful where your source comes from! Greg Ratcliff Argusnetsec.com *************************************************** Linux utility site hacked, infected By Patrick Gray ZDNet Australia November 14, 2002, 6:31 AM PT URL: http://zdnet.com.com/2100-1105-965800.html The download site for two very common Linux based utilities, tcpdump.org, was hacked into on Nov. 11, and the software available for download was modified to contain Trojan Horse code. This Trojan Horse, or "back door" software allows the hacker that wrote it to access any machine on which the modified software is run. The two software items affected are tcpdump and libpcap, tools commonly used in information security applications. Some Intrusion Detection System (IDS) software requires libpcap. This is the most recent in a string of similar attacks. Sendmail, one of the most widely used e-mail server software packages, was also "trojaned" recently. Others affected in recent months have included OpenSSH, the secure remote access software, and even Fragroute, a hacker utility. The identity of the hacker conducting this campaign is unknown, as is whether a connection exists between the separate incidents. CERT released an advisory in which they ".encourage sites using libpcap and tcpdump to verify the authenticity of their distribution, regardless of where it was obtained." CERT provided the information necessary to determine the authenticity of any libpcap or tcpdump software recently downloaded. The advisory also encourages users to verify all software before installing it. "As a matter of good security practice, the CERT/CC encourages users to verify, whenever possible, the integrity of downloaded software." ------------------------------------------------------- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- error configure --with-snmp Michael J. McCasland (Nov 15)
- Re: error configure --with-snmp Phil Wood (Nov 15)
- Re: error configure --with-snmp Michael J. McCasland (Nov 15)
- News of tcpdump and libcap hacks Gregory W. Ratcliff (Nov 15)
- Re: error configure --with-snmp Andrew R. Baker (Nov 17)
- Re: error configure --with-snmp Michael J. McCasland (Nov 17)
- <Possible follow-ups>
- Re: error configure --with-snmp Justin Jessup (Nov 16)
- Re: error configure --with-snmp Justin Jessup (Nov 17)
- Re: error configure --with-snmp Phil Wood (Nov 15)