Re: TRG vger.timpanogas.org hacked

2001-06-05 Thread Michael H. Warfield
On Tue, Jun 05, 2001 at 11:30:51AM -0700, Jeff V. Merkey wrote: > On Tue, Jun 05, 2001 at 08:05:34AM +0100, Alan Cox wrote: > > > is curious as to how these folks did this. They exploited BIND 8.2.3 > > > to get in and logs indicated that someone was using a "back door" in > > Bind runs as root

RE: TRG vger.timpanogas.org hacked

2001-06-05 Thread Brian Wellington
On Tue, 5 Jun 2001, Randal, Phil wrote: > Bind 8.2.4 was released on May 17th, with the standard > comment "BIND 8.2.4 is the latest version of ISC BIND 8. > We strongly recommend that you upgrade to BIND 9.1 or, if > that is not immediately possible, to BIND 8.2.4 due to > certain security vulne

Re: TRG vger.timpanogas.org hacked

2001-06-05 Thread Michael H. Warfield
On Tue, Jun 05, 2001 at 08:05:34AM +0100, Alan Cox wrote: > > is curious as to how these folks did this. They exploited BIND 8.2.3 > > to get in and logs indicated that someone was using a "back door" in > Bind runs as root. It doesn't have to. In fact, I just set up a RedHat 6.2 Hone

Re: TRG vger.timpanogas.org hacked

2001-06-05 Thread Daniel Roesen
On Tue, Jun 05, 2001 at 01:07:05PM +, Henning P. Schmiedehausen wrote: > Connected to vger.timpanogas.com. > Escape character is '^]'. > SSH-1.5-1.2.27 > > Well known exploits downloadable at any of the better hacking sites. This _may_ be misleading. I had several boxes where I patched ssh 1

Re: TRG vger.timpanogas.org hacked

2001-06-05 Thread Matti Aarnio
ncil > Hereford, UK > > > -Original Message- > > From: Daniel Roesen [mailto:[EMAIL PROTECTED]] > > Sent: 05 June 2001 11:14 > > To: [EMAIL PROTECTED] > > Subject: Re: TRG vger.timpanogas.org hacked > > > > > > On Tue, Jun 05, 2001 at 08:05:34A

RE: TRG vger.timpanogas.org hacked

2001-06-05 Thread Randal, Phil
- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -Original Message- > From: Daniel Roesen [mailto:[EMAIL PROTECTED]] > Sent: 05 June 2001 11:14 > To: [EMAIL PROTECTED] > Subject: Re: TRG vger.timpanogas.org hacked > > > On Tue,

Re: TRG vger.timpanogas.org hacked

2001-06-05 Thread Daniel Roesen
On Tue, Jun 05, 2001 at 08:05:34AM +0100, Alan Cox wrote: > > is curious as to how these folks did this. They exploited BIND 8.2.3 > > to get in and logs indicated that someone was using a "back door" in > > Bind runs as root. Not if set up properly. And there is no known hole in BIND 8.2.3-RE

TRG vger.timpanogas.org hacked

2001-06-04 Thread Jeff V. Merkey
Our master server (vger.timpanogas.org) running 2.2.19 was hacked and completely obliterated by someone using a Novell Proxy Cache via a kernel level exploit in [sys_wait+4]. They somehow created a segmentation fault down inside the kernel, then gained access to the /lib directory and relinke