Re: [Full-Disclosure] Patched Solaris Boxes being Hacked??

From: Ron DuFresne (dufresne_at_winternet.com)
Date: 01/05/04

  • Next message: Thomas Biege: "[Full-Disclosure] SUSE Security Announcement: Linux Kernel (SuSE-SA:2004:001)"
    To: "Compton, Rich" <RCompton@chartercom.com>
    Date: Mon, 5 Jan 2004 14:11:23 -0600 (CST)
    
    

    Any system this day and age to get hacked via finger, rpc and/or ftp
    cannot be considered to have been patched nor secured in any real manner,
    thus these were exposed systems without security measures in place, and as
    susceptible <almost> as any default Windows system one just got for x-mas
    and exposed without patches and anti-virus software and security measures
    taken to lock them down.

    Thanks,

    Ron DuFresne

    On Mon, 5 Jan 2004, Compton, Rich wrote:

    > Anyone out there have more information on ISC's reports of patched Solaris
    > boxes being compromised? Here's the quote from the Incident Handler's Diary
    > for today:
    >
    > "Solaris 8 Hacks. We've received a few reports of significant intrusions
    > into networks of patched Solaris 8 machines. Initial analysis indicates what
    > appears to be a multi-vector attack, using finger, rpcbind, and ftp. In one
    > network, the systems that got broken into did not have tcpwrappers installed
    > nor did they have the rpcbind from Wietse Venema and Casper *** that has
    > tcpwrapper support. However, there were Solaris 8 systems in the same
    > machine room that are behind on patches, but have tcp wrappers installed and
    > they were not broken into. If there have been other cases of similar
    > intrusions in the past few days, the Storm Center would like to hear about
    > it."
    >
    > -Rich Compton
    >
    > _______________________________________________
    > Full-Disclosure - We believe in it.
    > Charter: http://lists.netsys.com/full-disclosure-charter.html
    >

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    "Cutting the space budget really restores my faith in humanity. It
    eliminates dreams, goals, and ideals and lets us get straight to the
    business of hate, debauchery, and self-annihilation." -- Johnny Hart
            ***testing, only testing, and damn good at it too!***

    OK, so you're a Ph.D. Just don't touch anything.
