tcpdump mailing list archives

Re: tcpdump.org mirrors


From: Michael Richardson <mcr () sandelman ottawa on ca>
Date: Wed, 13 Nov 2002 13:25:33 -0500

-----BEGIN PGP SIGNED MESSAGE-----


"Joseph" == Joseph W Shaw <mrman () darkside org> writes:
    >> I run the main mirror of tcpdump at wiretapped.net (no relation to
    >> wiretapped.us) in Australia.  We rsync from cvs.tcpdump.org, and have
    >> removed the entire tcpdump.org tree and disabled rsync updates until we
    >> hear from Michael Richardson at tcpdump.org.
    >> 
    >> You may like to add this info to your Updates area, as the unavailability
    >> of the main mirror site may seem suspicious.  It is not, as described
    >> above.
    >> 
    >> Because wiretapped.net itself is mirrored to a few other sites, it may
    >> take between 1 hour and 24 hours for this removal (and any subsequent
    >> re-addition) to take effect.  We'll note when it goes back online at
    >> http://www.wiretapped.net/changelog.html

    Joseph> I sent a notification to Michael at 2:30 am this morning when the HLUG
    Joseph> guys informed me.  While I wrote the tcpdump.org page, I don't have any
    Joseph> admin rights to the server so there's nothing I can do to change anything
    Joseph> on it.  Until Michael finds himself aware of this issue, all mirrors
    Joseph> should remove their source packages until further notice.

  Hi, I learnt about things as I picked up voice mail this morning upon
landing in Atlanta for DNSSEC workshop and IETF next week. (Grant, your voice
mail was appreciated, because otherwise it wouldn't have been until several
hours later).

  It appears that either the machine had root compromised, or my account.
  There is indeed a login (recorded in authlog, but not in lastlog) on
Sunday evening from the machine to which the trojan gets directed.

  The machine is partially offline (no default route). The mailing list
(and my mailbox) is also hosted on this machine. I will probably move both
elsewhere this coming week.
  Expect the machine to stay offline for a number of days.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr () sandelman ottawa on ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [


  
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe

