[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] Bind Hack

Subject: Re: [cobalt-security] Bind Hack
From: "Mike Fritsch" <mfritsch@xxxxxxxxxxxx>
Date: Fri, 9 Feb 2001 10:25:20 -0800
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

>
> We got an e-mail today from our CoLo (UK2.net) that our RaQ3 had been
hacked. The port 15000
> would be open as a result of this hack. It further says that aprox. 20
files had been changed and
> we were urgently requested to apply an .pkg to repair those files.

What .pkg did they tell you to install that would unhack the system?

Mike


>
> Since I dare to fix things before they break, I tried to figure out and
find some traces of the exploit.
>
> I couldn't find a foreign thing in .bash_history. We don't have a
'/lib/security/.config like someone
> wrote. I tried: 'telnet xxx.xxx.xxx.xxx 15000' and got 'Unable to connect'
which tells me that port 15000
> is not open. Furthermore, everything is running smoothly: apache, ssh,
e-mail and
> '/usr/sbin/ndc status' prints out version bind-8.2.3
>
> Can someone please give some hints and save me from a heart attack ?
> How could I detect this hack ?
>
> Thanx
> Thomas
>
> --
> InternAd.de
> Internet Advertising
> Thomas Prosi
> tp@xxxxxxxxxxx
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security

References:
- [cobalt-security] Bind Hack
  - From: RaQ3

Prev by Date: [cobalt-security] Bind Hack
Next by Date: Re: [cobalt-security] Bind Hack
Previous by thread: [cobalt-security] Bind Hack
Next by thread: Re: [cobalt-security] Bind Hack

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index