Hallo Markus,
* Markus Hubig <[EMAIL PROTECTED]> [19-09-01 17:22]:
> Momantan geistert ja wider so ein neuer Internet-Wurm namens "nimda"
> durch die Netze. Alles was ich ueber diesen Wurm gelesen habe besagt
> aber dass es _NUR_ WinXX(XX)? Rechner angreift ... !!
Ja, ist echt lustig das die einfach nicht lernen wollen.
> Scheint ein Linux-Rechner zu sein!! Oder interpretiere ich da was
> falsch??
Zwei Mails von Avinesh Bangar u. Gerald Carter aus NTBugtraq:
| It seems that open Samba (Linux) shares are also affected -- possibly
| because the Samba server is emulated as a Windows NT 4.2 Server? I just
| searched the shares for *.eml and *.nws and deleted the respective
| files. It seems as though not all shares were affected, just the ones
| that had FTP access.
|
|---------------------------------
|
| After talking to a few people it seems I was wrong. Apparently it tries
| to drop its files onto CIFS/SMB servers by logging in as guest. If Samba
| had a valid user named guest with no password, then it would suceed ...
|
| or if you have "map to guest" in smb.conf set to anything other than the
| default of "Never", you might see this as well. Of course, this also
| assumes that "guest" has write access to shares.
|
| Apologies for the previous hasty and incorrect response. Hope this helps.
> Koennte es sein dass die "nimda"-Attacke von nem Rechner stammte der
> hinter diesen Linux-Rechner steht und per masquerading oder proxy
> aggiert??
Klar.
Janto
--
Janto Trappe Germany /* rapelcgrq znvy cersreerq! */
GnuPG-Key: http://www.sylence.de/gpgkey.asc
Key ID: 0x8C53625F
Fingerprint: 35D7 8CC0 3DAC 90CD B26F B628 C3AC 1AC5 8C53 625F
PGP signature
