In the last 4-5 days we have had 8 servers come under attack. We are
working frantically to keep ahead of these attacks. We have come to the
conclusion that the SSH in woody is likely vulnerable. Of the 8 servers
that have been broken into, half of them are running 2.2.20 and half
are running 2.
On Fri, Jun 13, 2003 at 02:18:44PM -0400, Tim Peeler remarked:
> In the last 4-5 days we have had 8 servers come under attack.
> We are working frantically to keep ahead of these attacks. We
> have come to the conclusion that the SSH in woody is likely
> vulnerable. Of the 8 servers that have bee
Tim,
If I were in your shoes, the first thing I'd do is set up a small honeypot
with a similar configuration to your other machines. Run the same services
as you have running on your other woody boxen, but just don't use it for
anything. This way it will appear like 'just another one'
Tim Peeler <[EMAIL PROTECTED]> writes:
> In the last 4-5 days we have had 8 servers come under attack.
Any trust relationships between these servers? Which SSH
authentication method do you use?
On Fri, 13 Jun 2003 14:18:44 -0400
Tim Peeler <[EMAIL PROTECTED]> wrote:
> In the last 4-5 days we have had 8 servers come under attack. We are
> working frantically to keep ahead of these attacks. We have come to the
> conclusion that the SSH in woody is likely vulnerable. Of the 8 servers
> th
On Fri, Jun 13, 2003 at 05:15:28PM -0400, David B Harris wrote:
> (This version of the message sent to you personally in the off chance
> that you're not subscribed to debian-security@lists.debian.org; sorry
> for not doing it via Cc:, but I forgot.)
>
> On Fri, 13 Jun 2003 14:18:44 -0400
> Tim Pe
Followup:
This has caused problems on some of our old potato systems as well.
It appears to be a worm with the speed in which it spread.
On Fri, Jun 13, 2003 at 02:18:44PM -0400, Tim Peeler wrote:
> In the last 4-5 days we have had 8 servers come under attack. We are
> working frantically
http://www.securityfocus.com/bid/7757 says Debian Linux 2.2 has Aladdin
Enterprises Ghostscript 5.10.10 and is vulnerable to an arbitrary command
execution vulnerability. It lists CVE CAN-2003-0354 and zfile.c...
It says that the vulnerability was published May 17th, 2003.
Is this really a vulner
On Fri, Jun 13, 2003 at 05:52:21PM -0400, Tim Peeler wrote:
> Just for information, these failed the global check:
> bin/cp FAILED
> bin/dd FAILED
> bin/df FAILED
> bin/dir FAILED
> bin/ln FAILED
> bin/ls FAILED
> bin/mv FAILED
> bin/rm FAILED
> bin/su FAILED
> bin/ping FAILED
> bin/ps FAILED
> bin
On Fri, 13 Jun 2003 17:52:21 -0400, Tim Peeler wrote:
>On Fri, Jun 13, 2003 at 05:15:28PM -0400, David B Harris wrote:
>>
>> On Fri, 13 Jun 2003 14:18:44 -0400
>> Tim Peeler <[EMAIL PROTECTED]> wrote:
>> > In the last 4-5 days we have had 8 servers come under attack. We are
>> > working frantica
Hello,
I think my box has been compromised... it's my first time and it is a
rather unpleasant experience!
Debian woody on a P4 Dell 8200, kernel 2.4.18 (that hasn't really been
patched at all)
I can't boot ... my system hangs on a message saying "starting portmap"
I've used a gentoo ins
21 matches