
RE: [cobalt-security] HACK on RAQ3i



-----Original Message-----
Subject: [cobalt-security] HACK on RAQ3i

>we have just traced a hack into our primary NS, it's a Trin00 daemon for
>DDOS attacks.

>The funny thing is that this box has no Virtual sites and no ftp but
>Telnet enabled on it. I can't see how they would have accessed the root
>shell.


the h4ck3r doesn't need a telnet or ftp service to r00t you.
they simply run an exploit on one of your services (probably proftpd or
bind) and they're dropped straight into a rootshell (in most cases).

most of the time they just run a script that does it all for them,
hence the name 'scr1pt k1dd13z'