[LUAU] Millenium Worm
George Toft
LinuxAdvocate at iname.com
Sat Apr 17 10:08:16 PDT 1999
George Toft wrote:
>
> bbraun at sparcy.synack.net wrote:
> >
> > You use RedHat or SuSE don't you?
>
> Yeah.
Looking at logs on my SuSE machine, this worm tried
for a couple hours to get in, but did not succeed.
Score one for SuSE!!!
>
> > All these have been known about for a year or more.
> > Check the bugtraq and rootshell advisories on the
> > things referenced in the script.
> >
> > mountd was a major one that redhat screwed up on
> > big time. It was known a long time before the
> > distribution was shipped. In fact Olaf
> > (the maintainer) posted information about the
> > exploit to the linux nfs mailing lists, I believe.
> > Almost all other distributions were using a
> > relatively recent version of mountd, so they were
> > ok.
> >
> > The pop and imap exploits were running around about
> > a year ago now, I think. If you're running an open
> > pop or imap server, you deserve what you get.
>
> No red face here - no pop and no imap in my inetd.conf.
I spent a couple hours looking at the code for the worm.
It ftp's its own source (and qpopper) and compiles it
on the host. So even if I didn't have qpopper then,
now I do.

Seems to me I could have prevented this attack from
proceeding by: Not having gcc and ftp (client)
installed; and (probably) by not using RedHat.

The code to this worm is fascinating. For someone
learning network programming using C, it would
be very enlightening.
--
George Toft http://gtoft.dynip.com/LinuxAdvocate/
__ __ _ __ __ __ ___ ___
| | | | | \ | | | | | | \ \ / /
-o) | | | | | \_| | | | | | \ \/ / (o-
/\\ | |__ | | | | | |_| | / /\ \ //\
_\_v |_____||__| |__|\___| \_______| /__/ \__\ v_/_
Don't fear the penguins...
--
__ __ __________ __
/ / / / / / __ / / / / Home Page: http://luau.hi.net
/ /__/ /_/ / /_/ / /_/ /
/____/\____/_/ /_/\____/ LUAU - Linux Users AnonymoUs - Hawaii
To unsubscribe: echo unsubscribe luau | mail majordomo at luau.hi.net
LUAU meetings are the 3rd Tuesday of each month 6pm
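
The two host checks this message points to (no POP or IMAP entries live in inetd.conf, no compiler or ftp client on the box), as an added example that is not part of the original post. The function names and the sample inetd.conf lines are constructed for illustration, and the classic inetd.conf column layout is assumed.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes the classic inetd.conf
# layout: service socket-type proto wait-flag user server-path [args...]

# Print each enabled (uncommented) POP or IMAP service name, one per line.
enabled_mail_services() {
    [ -r "$1" ] || return 0
    awk '/^[ \t]*#/ || NF < 6 { next }   # skip comments, blanks, short lines
         $1 ~ /^(pop|imap)/   { print $1 }' "$1"
}

# Print each named tool that is found on PATH, one per line.
present_tools() {
    for tool in "$@"; do
        if command -v "$tool" >/dev/null 2>&1; then echo "$tool"; fi
    done
}

# Report findings for one inetd.conf path; return 1 if anything is flagged.
audit() {
    status=0
    for svc in $(enabled_mail_services "$1"); do
        echo "FLAG: inetd service '$svc' is enabled in $1"; status=1
    done
    for tool in $(present_tools gcc cc ftp); do
        echo "FLAG: '$tool' is installed (fetch-and-compile is possible)"; status=1
    done
    return $status
}

# Constructed sample input: imap is live, pop-3 is commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ftp     stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd -l -a
#pop-3  stream  tcp  nowait  root  /usr/sbin/tcpd  ipop3d
imap    stream  tcp  nowait  root  /usr/sbin/tcpd  imapd
EOF
audit "$sample" || echo "review the flagged items above"
rm -f "$sample"
```

To check a real host, call `audit /etc/inetd.conf` in place of the sample file.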