JDOW:
I run Fedora 2 (RedHat) Linux. I've updated most everything. I've not
updated to the very latest Apache. Perhaps that's needed.
How would I go about determining if indeed I have a vulnerability such as
what you are hinting at? I watch logs pretty closely, but cannot ferret
out this one.
On Fri, 10 Mar 2006 03:20:33 -0800, jdow <[EMAIL PROTECTED]> wrote:

> version=3.1.0 Received: from [11.54.168.176] by
> mail.swbell.net; Fri, 10 Mar 2006 08:17:42 X-Originating-IP:
> [60.170.26.144] via HTTP from
> webmail.swbell.net; Fri, 10 Mar 2006 08:17:42
> Message-ID: <[EMAIL PROTECTED]>
>
> What I am REALLY interested in, Matt, is the DoD network that was hacked
> so that the Received: line could happen. And is that the normal format
> for a mail.swbell.net header? If it is forged then it got into his
> machine directly without his machine logging it in. That COULD mean an
> http vulnerability.
>
> It would appear that helios does have a working http on it with a simple
> pointer to the .67 address. So I might be moved to investigate the server
> at helios for a vulnerability.

What would I look for?

> But at the same time I would review how mail can get into helios
> without ever being logged. That is a "bad thing".

I agree. How, again, do I start "looking" for this?

> And I note that the .67 machine alias "prop.hfradio.org" includes a
> comments page. That script could be vulnerable if updates to the OS
> are not fully installed.

I've done quite a bit of buttoning up, here. I'll take a closer look at
this, too.

73 de Tomas, NW7US
: Propagation Editor for CQ, CQ VHF, Popular Communications :
: Contributing Editor for Monitoring Times - on Propagation :
: Creator; live propagation center http://prop.hfradio.org/ :
: Associate Member of Propagation Studies Committee of RSGB :
: 122.93W 47.67N / Brinnon, Washington USA CN87 CW/SSB/DIGI :
: Website/software/database design http://newwebmakers.com/ :
: 10x56526, FISTS 7055, FISTS NW 57, Lighthouse Society 144 :