On Tue, Jul 17, 2001 at 11:26:58AM +0100, Alex Buell wrote:
> I'm just wondering how they managed to get in given that I never download
> binaries and always compile from sources myself. Probably through a
> compromised TCP/IP service, I bet.
That would be a good guess. Without knowing what distribution
you are on and what services you are running, it's impossible to guess.
But there aren't too many out there that don't have something and all
of them have security updates even for the latest distros. I just
got done researching a couple of DNS worms that are taking advantage
of Bind 8.2.2 and earlier. They probe through DNS only and are massively
scanning the entire IPv4 address space. In three weeks I saw over
30,000 probes into a /19 monitored address space from over 3,000 unique
compromised hosts. At that probing level, it's almost impossible NOT
to get poked by one of those suckers sooner or later. A lot of others
are scanning for port 111 (sun_rpc) or port 515 (lp) and there have been
a raft of problems in ftp. All of these are being automatically scanned
for and even slow dial-ups are going to get hit sooner or later.
It's gotten decidedly MORE hostile out there in the last year or
two with the appearance of these scripted worms, like Ramen, L1on, and TSIG,
that people can just tack more exploits onto and release in the wild.
> Hey, they *are* out to get you, but it's nothing personal.
--
 Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
  (The Mad Wizard)      |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!
This archive was generated by hypermail 2b29 : Mon Jul 23 2001 - 21:00:08 EST
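A defender-side tally of the kind the reply describes (probes into a monitored /19, counted by service port and unique source), as an added example that is not part of the original message. The address range, log format, sweep threshold and sample lines are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: the monitored /19 is a placeholder range, not the one from the message.
MONITORED = ipaddress.ip_network("10.20.0.0/19")
# Services named in the message: DNS (Bind), sun_rpc, lp, ftp.
WATCHED = {53: "dns", 111: "sun_rpc", 515: "lp", 21: "ftp"}
LINE = re.compile(r"SRC=(\S+) DST=(\S+) .*?DPT=(\d+)")

# Constructed sample lines in an iptables-LOG-like key=value format (not real traffic).
SAMPLE_LOG = """\
Jul 17 10:00:01 gw kernel: IN=eth0 SRC=192.0.2.10 DST=10.20.0.5 LEN=60 PROTO=UDP SPT=1025 DPT=53
Jul 17 10:00:01 gw kernel: IN=eth0 SRC=192.0.2.10 DST=10.20.0.6 LEN=60 PROTO=UDP SPT=1026 DPT=53
Jul 17 10:00:02 gw kernel: IN=eth0 SRC=192.0.2.10 DST=10.20.0.7 LEN=60 PROTO=UDP SPT=1027 DPT=53
Jul 17 10:00:03 gw kernel: IN=eth0 SRC=192.0.2.10 DST=10.20.0.8 LEN=60 PROTO=TCP SPT=1028 DPT=80
Jul 17 10:00:05 gw kernel: IN=eth0 SRC=198.51.100.7 DST=10.20.3.1 LEN=60 PROTO=TCP SPT=900 DPT=111
Jul 17 10:00:05 gw kernel: IN=eth0 SRC=198.51.100.7 DST=10.20.3.2 LEN=60 PROTO=TCP SPT=901 DPT=111
Jul 17 10:00:07 gw kernel: IN=eth0 SRC=203.0.113.9 DST=10.20.31.254 LEN=60 PROTO=TCP SPT=1030 DPT=515
Jul 17 10:00:08 gw kernel: IN=eth0 SRC=203.0.113.9 DST=10.20.32.1 LEN=60 PROTO=TCP SPT=1031 DPT=21
Jul 17 10:00:09 gw kernel: IN=eth0 SRC=203.0.113.9 DST=not-an-ip LEN=60 PROTO=TCP SPT=1032 DPT=21
"""

def summarize(log_text, sweep_threshold=3):
    """Count probes per watched service and flag sources sweeping many addresses."""
    probes = defaultdict(int)    # service -> number of probes seen
    targets = defaultdict(set)   # (source, service) -> distinct monitored destinations
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, dst, dpt = m.groups()
        service = WATCHED.get(int(dpt))
        try:
            inside = ipaddress.ip_address(dst) in MONITORED
        except ValueError:
            continue             # malformed destination field
        if service is None or not inside:
            continue             # unwatched port or outside the monitored block
        probes[service] += 1
        targets[(src, service)].add(dst)
    sweepers = sorted((src, svc, len(d)) for (src, svc), d in targets.items()
                      if len(d) >= sweep_threshold)
    return {"probes": dict(probes),
            "unique_sources": len({src for src, _ in targets}),
            "sweepers": sweepers}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```
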