hi jose

thanx for the lion/ramen urls below

we've had an old rh-6.1 attacked/destroyed by ramen
since the guys didn't want to spend $$$ on a firewall
and/or admin support etc..etc...
        - rh-6.1 does NOT have a patch for bind-8.2.3 or higher
        ( which is how they got in )

it's been (forcibly) reinstalled with rh-7.0 now...with patches
and fixes... somehow they seem to want their website and
emails working..... 

and hopefully it will hold up to more
attacks as they still are using their methodology to
get in...

have fun linuxing
alvin
http://www.Linux-1U.net ... 3 NIC 1u firewalls ...


On Mon, 9 Apr 2001, Jose Nazario wrote:

> On Mon, 9 Apr 2001, Justin Schoeman wrote:
> 
> > I was just wondering if anybody else has noticed a significant
> > increase in exploit scanning over the last few weeks?  Just this last
> > weekend, I have monitored 9 scans, including bind, ftpd, statd and
> > lpd.  This has been getting more and more common, starting with
> > approximately 1 scan every two days, about 4 weeks ago, to
> > approximately 3 scans a day now.  The scans all come from different
> > sources, mainly on the pacific rim.
> 
> worms: adore, l1on, and ramen.
> 
> http://www.sans.org/y2k/adore.htm
> http://www.whitehats.com/library/worms/lion/index.html
> http://www.whitehats.com/library/worms/ramen/index.html
> 
> hope this helps. it's responsible for about 99% of the particular service
> sweeps you are seeing.
> 
> ____________________________
> jose nazario                                               [EMAIL PROTECTED]
>                    PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
>                                      PGP key ID 0xFD37F4E5 (pgp.mit.edu)
> 
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
> 
