[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] Concern about scans from Cobalt

Subject: [cobalt-security] Concern about scans from Cobalt
From: Bill Irwin <bill_irwin@xxxxxxxx>
Date: Mon, 21 May 2001 15:19:03 -0400
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Hey Folks,

I've gotten a number of notices in the emails that indicated Port 111
scans coming from 64.224.123.177 or mail.skublin.cobalt.com

177.123.224.64.in-addr.arpa	name = mail.skublin.cobalt.com.
177.123.224.64.in-addr.arpa	name = skublin.cobalt.com.

These scans are possibly due to 2 things:
Sun Solaris has a bug in rpc.statd (buffer overflow)
Windows IIS has a Unicode exploit.

If you are receiving these in your logs, please head over to the Email
Support form on our web site http://www.cobalt.com/support/help.php3 and
give the letter the subject "Cobalt Intrusion - ATTN - Bill". Please
include all the info from your logs that you can to help us determine
where it may be coming from. 

This may be someone spoofing the cobalt server.

We are currently looking into this matter.

-- 
Bill Irwin
Technical Support Engineer
Sun Microsystems, Inc.

References:
- Re: [cobalt-security] FTP with admin
  - From: baltimoremd

Prev by Date: Re: [cobalt-security] FTP with admin
Next by Date: [cobalt-security] Cobalt, you have been hacked? :o)
Previous by thread: Re: [cobalt-security] FTP with admin
Next by thread: Re: [cobalt-security] FTP with admin

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index