SECURITY WARNING: w0rm z IP 195.146.98.111

Pátek Červen 26 15:00:02 CEST 1998

> > Zdravim,
> > zaroven Vam chci doporucit upgrade namedu, protoze z IP 
> > 195.146.98.111 (asi dialup) jsme byli napadeni exploitem zvanym w0rm. 
> > Tento postihuje vsechny verze namedu < 8.1.2 ....
> 
> To neni pravda. Postihuje verze X, kde X <= 4.9.6 nebo X >= 8.0.0 a X
> <= 8.1.1. RedHat pouziva verzi 4.9.6 (v rpmku bind-4.9.6-7) ktera je
> specialne opravena, te se to netyka. Verze 4.9.7 je bezpecna.

No dobra, kazdopadne je nejlepsi si nainstalovat 8.1.2 :))

> > PS2: Pro identifikaci utoku hledejte v logu: 
> > 'named[<nejaky_pid>]: accept: Connection reset by peer'
> 
> To ale vubec nemusi znamenat tento utok.

Nemusi, ale pokud Vas nekdo napadl, tak urcite smazal logy a jedine, 
co muzete objevit je tento radek, ktery produkuje prave ten program na 
detekci vulnerablity ...... 
Mate pravdu, ze se to (Conn res by peer) stat muze, nicmene je lepsi 
si to overit nez rikat "To ale vubec nemusi" ... zaruci Vam nekdo ze 
100% NE ?

M.

PS: PLZ, no flamewar ....
--

________________________________________________________________
/~~\____/~~\_/~~~~~~~~\_/~~~~~~~\__/~~\_______/~~~~\_/~~\__/~~\_
/~~~\__/~~~\_/~~\_______/~~\__/~~\_/~~\________/~~\__/~~~~\/~~\_
/~~~~\/~~~~\_/~~~~~~\___/~~~~~~~\__/~~\________/~~\__/~~\~~~~~\_
/~~\~~~~/~~\_/~~\_______/~~\__/~~\_/~~\________/~~\__/~~\ \~~~\_
/~~\_\/_/~~\_/~~~~~~~~\_/~~\__/~~\_/~~~~~~~~\_/~~~~\_/~~\__\~~\_
________________________________________________________________
      Michal Safranek ; Vajgar 703/III ; J.Hradec ; 377 04
     tel:+420 331 245 31 FRI-SUN ; +420 361 276 051 MON-THU
    mail: safra-mi na ddm.jhrnet.cz | safranek na jhr.bohem-net.cz
----------------------------------------------------------------
 Microsoft neni odpoved. Microsoft je otazka, a odpoved zni NE.