Any system this day in age to get hacked via finger, rpc and/or ftp can not be considered to have been patched nor secured in any real manner, thus these were exposed systems without security measures in place, and as susceptable <almost> as any default widowns system one just got for x-mas and exposed without patches and anti-viri software and secureity measures taken to lock them down.
Thanks, Ron DuFresne On Mon, 5 Jan 2004, Compton, Rich wrote: > Anyone out there have more information on ISC's reports of patched Solaris > boxes being compromised? Here's the quote from the Incident Handler's Diary > for today: > > "Solaris 8 Hacks. We've received a few reports of significant intrusions > into networks of patched Solaris 8 machines. Initial analysis indicates what > appears to be a multi-vector attack, using finger, rpcbind, and ftp. In one > network, the systems that got broken into did not have tcpwrappers installed > nor did they have the rpcbind from Wietse Venema and Casper Dik that has > tcpwrapper support. However, there were Solaris 8 systems in the same > machine room that are behind on patches, but have tcp wrappers installed and > they were not broken into. If there have been other cases of similar > intrusions in the past few days, the Storm Center would like to hear about > it." > > -Rich Compton > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
