Re: Debian is safer than this ? I REALLY HOPE SO !
Hi, I too, say it's nothing to do with the distribution, everything to do with the administrator. If you get bit by lprng, shame on you. If you get bit by statd, resign, that one's old. I had 50 machines trojaned with it when the spoit first came out, but due to good IDS (a a co-worker in the office that sunday writing a security paper :) all the network ports to these machines were disabled before cracker boy retured to use any of the backdoors. Vigilance is the watch word. -Jon
Re: Debian is safer than this ? I REALLY HOPE SO !
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > <> > > http://www.theregister.co.uk/content/6/16168.html Anything that runs the vulnerable versions of those programs is vulnerable, including Debian. The key is to keep up to date with security "patches" so that you aren't running the vunlerable versions of those programs. Problems like this will only affect those systems that aren't being maintains (through lack of time, administrator cluelessness, or whatever). - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6ZwTf/ZTSZFDeHPwRAmgzAJ0RaaOELp++bBJ7kFGDYmkfUiR2VwCgzwD/ CnMTj0iEikSTcg9vjS24CcM= =xr0n -END PGP SIGNATURE-
RE: Debian is safer than this ? I REALLY HOPE SO !
Greetings, Well, I just happen to be checking my log files when I came across some unusual access requests. I run portsentry and it didn't report anything, however I do have ftpd listening (my portsentry config does not check that port). I found some odd ftp requests, so just to be evil, I nmap'ed the offenders. All of them had http running, so I jumped over to my browser and popped in the IP address. Voila! Ramen Crew! The server I have is stock debian 2.2 i386. I track security.debian.org, and it didn't get me. I suggest people check their log files, you might find something to laugh about. Brooks > -Original Message- > From: Joris Lambrecht [mailto:[EMAIL PROTECTED] > Sent: Thursday, January 18, 2001 4:48 AM > To: 'debian-user@lists.debian.org' > Subject: Debian is safer than this ? I REALLY HOPE SO ! > > > <> > > http://www.theregister.co.uk/content/6/16168.html >
RE: Debian is safer than this ? I REALLY HOPE SO !
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > WELL, i'm might have been somewhat too eager to spark a discussion ... > the thing i'm wondering/confused about is that the 'worm' infects only > redhat systems, according to this article at least ... strange eh ? I don't have many details on the worm. Its possible it relies on a combination of programs. I've not had a chance to investigate. *I* know my systems aren't vulnerable - I'm running non-vunlerable versions, not running those programs at all, or it's all behind a restrictive firewall anyway :) > i only now had the time to read the securityfocus report, and yes indeed all > linux's with these versions are vulnerable. > > anyway, good to know i turned of my machine this morning :) Great way to not get your computer hacked :) - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6Zx/Z/ZTSZFDeHPwRAp4AAKDhJorjbPqH/ECwU1E1werwRQyhTACfSp1N ir+Rzzda6MHKAHsp/joo/OU= =sTye -END PGP SIGNATURE-
Re: Debian is safer than this ? I REALLY HOPE SO !
On Thu, Jan 18, 2001 at 11:47:55AM +0100, Joris Lambrecht wrote: > <> > > http://www.theregister.co.uk/content/6/16168.html No, I don't think Debian is any safer. Admins of publicly accesible machines need to track security updates. -- Eric G. Miller
RE: Debian is safer than this ? I REALLY HOPE SO !
This is no different than running Winderz and using a copy of McAfee's Antivirus that is several years old. If you don't keep up your going to get hit eventually. -=[cwa]=- On Thu, 18 Jan 2001, Joris Lambrecht wrote: -|WELL, i'm might have been somewhat too eager to spark a discussion ... the -|thing i'm wondering/confused about is that the 'worm' infects only redhat -|systems, according to this article at least ... strange eh ? -| -|i only now had the time to read the securityfocus report, and yes indeed all -|linux's with these versions are vulnerable. -| -|anyway, good to know i turned of my machine this morning :) -| -|J.L. -| -|-Original Message- -|From: Phil Brutsche [mailto:[EMAIL PROTECTED] -|Sent: Thursday, January 18, 2001 4:00 PM -|To: Joris Lambrecht -|Cc: 'debian-user@lists.debian.org' -|Subject: Re: Debian is safer than this ? I REALLY HOPE SO ! -| -| -|-BEGIN PGP SIGNED MESSAGE- -|Hash: SHA1 -| -|A long time ago, in a galaxy far, far way, someone said... -| -|> <> -|> -|> http://www.theregister.co.uk/content/6/16168.html -| -|Anything that runs the vulnerable versions of those programs is -|vulnerable, including Debian. The key is to keep up to date with security -|"patches" so that you aren't running the vunlerable versions of those -|programs. -| -|Problems like this will only affect those systems that aren't being -|maintains (through lack of time, administrator cluelessness, or whatever). -| -|- -- -|- -- -|Phil Brutsche [EMAIL PROTECTED] -| -|GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC -|GPG key id: 50DE1CFC -|GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -|-BEGIN PGP SIGNATURE- -|Version: GnuPG v1.0.4 (GNU/Linux) -|Comment: For info see http://www.gnupg.org -| -|iD8DBQE6ZwTf/ZTSZFDeHPwRAmgzAJ0RaaOELp++bBJ7kFGDYmkfUiR2VwCgzwD/ -|CnMTj0iEikSTcg9vjS24CcM= -|=xr0n -|-END PGP SIGNATURE- -| -| -|-- -|To UNSUBSCRIBE, email to [EMAIL PROTECTED] -|with a subject of "unsubscribe". Trouble? Contact -|[EMAIL PROTECTED] -| -| -|-- -|To UNSUBSCRIBE, email to [EMAIL PROTECTED] -|with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -| --- Christopher W. Aiken Programmer Analyst UNIX System Engineering [EMAIL PROTECTED] Ansys, Inc. 275 Technology Drive Canonsburg, Pa 15317
RE: Debian is safer than this ? I REALLY HOPE SO !
This is no different than running Winderz and using a copy of McAfee's Antivirus that is several years old. If you don't keep up your going to get hit eventually. -=[cwa]=- On Thu, 18 Jan 2001, Joris Lambrecht wrote: -|WELL, i'm might have been somewhat too eager to spark a discussion ... the -|thing i'm wondering/confused about is that the 'worm' infects only redhat -|systems, according to this article at least ... strange eh ? -| -|i only now had the time to read the securityfocus report, and yes indeed all -|linux's with these versions are vulnerable. -| -|anyway, good to know i turned of my machine this morning :) -| -|J.L. -| -|-Original Message- -|From: Phil Brutsche [mailto:[EMAIL PROTECTED] -|Sent: Thursday, January 18, 2001 4:00 PM -|To: Joris Lambrecht -|Cc: 'debian-user@lists.debian.org' -|Subject: Re: Debian is safer than this ? I REALLY HOPE SO ! -| -| -|-BEGIN PGP SIGNED MESSAGE- -|Hash: SHA1 -| -|A long time ago, in a galaxy far, far way, someone said... -| -|> <> -|> -|> http://www.theregister.co.uk/content/6/16168.html -| -|Anything that runs the vulnerable versions of those programs is -|vulnerable, including Debian. The key is to keep up to date with security -|"patches" so that you aren't running the vunlerable versions of those -|programs. -| -|Problems like this will only affect those systems that aren't being -|maintains (through lack of time, administrator cluelessness, or whatever). -| -|- -- -|- -- -|Phil Brutsche [EMAIL PROTECTED] -| -|GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC -|GPG key id: 50DE1CFC -|GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -|-BEGIN PGP SIGNATURE- -|Version: GnuPG v1.0.4 (GNU/Linux) -|Comment: For info see http://www.gnupg.org -| -|iD8DBQE6ZwTf/ZTSZFDeHPwRAmgzAJ0RaaOELp++bBJ7kFGDYmkfUiR2VwCgzwD/ -|CnMTj0iEikSTcg9vjS24CcM= -|=xr0n -|-END PGP SIGNATURE- -| -| -|-- -|To UNSUBSCRIBE, email to [EMAIL PROTECTED] -|with a subject of "unsubscribe". Trouble? Contact -|[EMAIL PROTECTED] -| -| -|-- -|To UNSUBSCRIBE, email to [EMAIL PROTECTED] -|with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -| --- Christopher W. Aiken, Scenery Hill, Pa, USA chris at cwaiken dot com, www.cwaiken.com Current O/S: Debian GNU/Linux 2.2_r2
Re: Debian is safer than this ? I REALLY HOPE SO !
Joris Lambrecht wrote: > > http://www.theregister.co.uk/content/6/16168.html Describing holes in lprng, wu.ftpd, and rpc.statd. None of these holes are present in potato with the updates from security.debian.org. cheers, Remco.
RE: Debian is safer than this ? I REALLY HOPE SO !
WELL, i'm might have been somewhat too eager to spark a discussion ... the thing i'm wondering/confused about is that the 'worm' infects only redhat systems, according to this article at least ... strange eh ? i only now had the time to read the securityfocus report, and yes indeed all linux's with these versions are vulnerable. anyway, good to know i turned of my machine this morning :) J.L. -Original Message- From: Phil Brutsche [mailto:[EMAIL PROTECTED] Sent: Thursday, January 18, 2001 4:00 PM To: Joris Lambrecht Cc: 'debian-user@lists.debian.org' Subject: Re: Debian is safer than this ? I REALLY HOPE SO ! -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > <> > > http://www.theregister.co.uk/content/6/16168.html Anything that runs the vulnerable versions of those programs is vulnerable, including Debian. The key is to keep up to date with security "patches" so that you aren't running the vunlerable versions of those programs. Problems like this will only affect those systems that aren't being maintains (through lack of time, administrator cluelessness, or whatever). - -- - -- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6ZwTf/ZTSZFDeHPwRAmgzAJ0RaaOELp++bBJ7kFGDYmkfUiR2VwCgzwD/ CnMTj0iEikSTcg9vjS24CcM= =xr0n -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]