Re: [cobalt-users] how do the hackers find your Raq?



> click a mouse and paste text into a shell program.  Fun, eh?  I don't know
> how many are seeking out Cobalt boxes, but it wouldn't be hard to find them
> if there's a known exploit that affects a Cobalt box

I suspect they are not specifically targeting Cobalt systems, but systems
using DeadRat...erm, I mean RedHat Linux. Cobalt Linux is a derivative of
RedHat, and has inherited its security holes.

The most common ones seem to be sunrpc (port 111) - I suspect most of us
don't run that (I certainly don't - the vast majority of kiddie scans seem
to be against 111), lpd (the printer daemon, most of us probably don't run
it either), and named (and a lot of us probably do run that one).

As an additional precaution to just having the latest security patches, try
and run daemons that don't require root access as a non-root user. I require
named (i.e. BIND), but I run it as a non-root user.
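
A quick audit for the two points in the message above, added here as an example and not part of the original post: which of the named services are reachable from off-box, and which daemons still run as root. The function names, the sample rows, and the standard port numbers for lpd (515) and named (53) are assumptions, not taken from the post.

```shell
#!/bin/sh
# Constructed sample input (not from a real host):
# rows in the style of `netstat -ltnu` and `ps -eo user,comm`.
SAMPLE_NETSTAT='tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:515           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:53              0.0.0.0:*'

SAMPLE_PS='USER     COMMAND
root     portmap
root     lpd
root     named
httpd    httpd'

# exposed_services: read netstat rows on stdin and print each service
# from the message (sunrpc, lpd, named) bound to a non-loopback address.
exposed_services() {
  awk '
    $1 ~ /^(tcp|udp)/ {
      # Loopback-only listeners are not reachable by remote scans.
      if ($4 ~ /^127\./ || $4 ~ /^::1:/) next
      n = split($4, a, ":"); port = a[n]   # last field also handles :::111
      if (port == 111)      svc = "sunrpc"
      else if (port == 515) svc = "lpd"
      else if (port == 53)  svc = "named"
      else next
      if (!seen[svc]++) print svc          # report tcp+udp only once
    }'
}

# root_daemons: read "user command" rows on stdin and print the watched
# daemons (comma-separated list in $1, default: named) running as root.
root_daemons() {
  awk -v watch="${1:-named}" '
    BEGIN { n = split(watch, w, ","); for (i = 1; i <= n; i++) want[w[i]] = 1 }
    $1 == "root" && ($2 in want) { print $2 }'
}

# Stand-alone run against the constructed samples.
echo "Reachable:  $(printf '%s\n' "$SAMPLE_NETSTAT" | exposed_services | tr '\n' ' ')"
echo "As root:    $(printf '%s\n' "$SAMPLE_PS" | root_daemons named,portmap | tr '\n' ' ')"
```

On a live host, pipe the real `netstat -ltnu` and `ps -eo user,comm` output into the two functions instead of the samples.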