SECURITY WARNING: w0rm from IP 195.146.98.111
Michal Safranek
SAFRA-MI at ddm.jhrnet.cz
Thu Jun 25 22:10:33 CEST 1998
Greetings,
I would also like to recommend that you upgrade named, because we were
attacked from IP 195.146.98.111 (probably a dial-up) with an exploit called w0rm.
It affects all versions of named < 8.1.2 ....
It is a mass scan, probably by domain, so it can hit you just as it
hit me ...
Regards
M. S.
PS: Thanks to Mr. Petr Freimann for the warning, because otherwise I
would not have discovered this attack on our server .... (Thanks, Petr!)
PS2: To identify the attack, look in the log for:
'named[<some_pid>]: accept: Connection reset by peer'
--
________________________________________________________________
/~~\____/~~\_/~~~~~~~~\_/~~~~~~~\__/~~\_______/~~~~\_/~~\__/~~\_
/~~~\__/~~~\_/~~\_______/~~\__/~~\_/~~\________/~~\__/~~~~\/~~\_
/~~~~\/~~~~\_/~~~~~~\___/~~~~~~~\__/~~\________/~~\__/~~\~~~~~\_
/~~\~~~~/~~\_/~~\_______/~~\__/~~\_/~~\________/~~\__/~~\ \~~~\_
/~~\_\/_/~~\_/~~~~~~~~\_/~~\__/~~\_/~~~~~~~~\_/~~~~\_/~~\__\~~\_
________________________________________________________________
Michal Safranek ; Vajgar 703/III ; J.Hradec ; 377 04
tel:+420 331 245 31 FRI-SUN ; +420 361 276 051 MON-THU
mail: safra-mi at ddm.jhrnet.cz | safranek at jhr.bohem-net.cz
----------------------------------------------------------------
Microsoft is not the answer. Microsoft is the question, and the answer is NO.
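
The log check from PS2 as a small script, added here as an example and not part of the original message: it scans syslog text for the quoted named line and groups the hits by host. The sample log, host names and PIDs are constructed, and the traditional BSD syslog line layout is an assumption.

```python
import re
from collections import defaultdict

# Assumed layout (traditional BSD syslog): "Mon DD HH:MM:SS host named[pid]: message"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s+"
    r"(?P<host>\S+)\s+named\[(?P<pid>\d+)\]:\s+(?P<msg>.*)$"
)
INDICATOR = "accept: Connection reset by peer"  # string quoted in the message

# Constructed sample log: hosts, PIDs and times are made up for this example.
SAMPLE_LOG = """\
Jun 25 21:40:01 ns1 named[214]: reloading nameserver
Jun 25 21:58:02 ns1 named[214]: accept: Connection reset by peer
Jun 25 21:58:03 ns1 sendmail[301]: accept: Connection reset by peer
Jun 25 21:58:09 ns1 named[214]: accept: Connection reset by peer
Jun 25 22:01:44 ns2 named[97]: Lame server on 'example.cz'
Jun 25 22:03:10 ns2 named[97]: accept: Connection reset by peer
"""


def find_hits(log_text):
    """Return {host: [(timestamp, pid), ...]} for named lines carrying the indicator."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        # The regex only matches the named tag, so other daemons that log
        # the same error text (sendmail above) are ignored.
        if m and m.group("msg").strip() == INDICATOR:
            hits[m.group("host")].append((m.group("ts"), int(m.group("pid"))))
    return dict(hits)


def summarize(hits):
    """One line per host: hit count plus first and last time seen."""
    return [
        f"{host}: {len(events)} hit(s), first {events[0][0]}, last {events[-1][0]}"
        for host, events in sorted(hits.items())
    ]


if __name__ == "__main__":
    for row in summarize(find_hits(SAMPLE_LOG)):
        print(row)
```

The matched line carries no peer address, so the timestamps are what you correlate against firewall or connection logs.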