I'm asking about that port 1109 ...

Pavel Kankovsky peak at argo.troja.mff.cuni.cz
Fri May 19 10:38:34 CEST 2000


On Fri, 19 May 2000, q wrote:

> What is port 1109? Supposedly kpop. Is there some bug in it? I found something but
> I'm not entirely sure. Please advise.

<quote>
Daemons or services that may call krb_rd_req() and are thus vulnerable
to remote exploit include:
 
        krshd
        klogind (if accepting Kerberos 4 authentication)
        telnetd (if accepting Kerberos 4 authentication)
        ftpd (if accepting Kerberos 4 authentication)
        rkinitd
        kpopd
</quote>

See Bugtraq, CERT...

> This is about a break-in to the machine...

Hardly a break-in, since it ended at the firewall, but it could have been an attempt.

> May 16 17:46:37 lamer PAM_pwdb[1967]: (su) session opened for user
> nobody by (uid=0)
> May 16 17:46:37 lamer pam_xauth[1967]: do_file: could not create dir
> //.xauth

Isn't pam_xauth showing a bit too much initiative?

> May 16 17:47:00 lamer sshd[1998]: connect from 127.0.0.1
> May 16 17:47:00 lamer sshd[1998]: log: Connection from 127.0.0.1 port
> 3356
> May 16 17:47:00 lamer sshd[1998]: fatal: Did not receive ident string.

This one is very nice too. Surely you are filtering packets coming in from the
network with addresses from 127.0.0.0/8?

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."



