7 is not that secure either. There are some holes to plug there.
David
----- Original Message -----
From: "Alvin Oga" <[EMAIL PROTECTED]>
To: "Jose Nazario" <[EMAIL PROTECTED]>
Cc: "Justin Schoeman" <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Monday, April 09, 2001 8:26 PM
Subject: Re: Continuous scanning.
>
> hi jose
>
> thanx for the lion/ramen urls below
>
> we've had an old rh-6.1 attacked/destroyed by ramen
> since the guys didnt want to sepdn $$$ on a firewall
> and/or admin support etc..etc...
> - rh-6.1 does NOT have a patch for bind-8.2.3 or higher
> ( which is how they got in )
>
> its been (forcebly) reinstalled with rh-7.0 now...with patches
> and fixes... somehow they seem to want their website and
> emails working.....
>
> and hopefully it will hold up to more
> attacks as they still are using their methodology to
> get in...
>
> have fun linuxing
> alvin
> http://www.Linux-1U.net ... 3 NIC 1u firewalls ...
>
>
> On Mon, 9 Apr 2001, Jose Nazario wrote:
>
> > On Mon, 9 Apr 2001, Justin Schoeman wrote:
> >
> > > I was just wondering if anybody else has noticed a significant
> > > increase in exploit scanning over the last few weeks? Just this last
> > > weekend, I have monitored 9 scans, including bind, ftpd, statd and
> > > lpd. This has been getting more and more common, starting with
> > > approximately 1 scan every two days, about 4 weeks ago, to
> > > approximately 3 scans a day now. The scans all come from different
> > > sources, mainly on the pacific rim.
> >
> > worms: adore, l1on, and ramen.
> >
> > http://www.sans.org/y2k/adore.htm
> > http://www.whitehats.com/library/worms/lion/index.html
> > http://www.whitehats.com/library/worms/ramen/index.html
> >
> > hope this helps. its responsible for about 99% of the particular service
> > sweeps you are seeing.
> >
> > ____________________________
> > jose nazario [EMAIL PROTECTED]
> > PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
> > PGP key ID 0xFD37F4E5 (pgp.mit.edu)
> >
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
> >
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
