[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] Concern about scans from Cobalt
- Subject: [cobalt-security] Concern about scans from Cobalt
- From: Bill Irwin <bill_irwin@xxxxxxxx>
- Date: Mon, 21 May 2001 15:19:03 -0400
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hey Folks,
I've gotten a number of notices in the emails that indicated Port 111
scans coming from 64.224.123.177 or mail.skublin.cobalt.com
177.123.224.64.in-addr.arpa name = mail.skublin.cobalt.com.
177.123.224.64.in-addr.arpa name = skublin.cobalt.com.
These scans are possibly due to 2 things:
Sun Solaris has a bug in rpc.statd (buffer overflow)
Windows IIS has a Unicode exploit.
If you are receiving these in your logs, please head over to the Email
Support form on our web site http://www.cobalt.com/support/help.php3 and
give the letter the subject "Cobalt Intrusion - ATTN - Bill". Please
include all the info from your logs that you can to help us determine
where it may be coming from.
This may be someone spoofing the cobalt server.
We are currently looking into this matter.
--
Bill Irwin
Technical Support Engineer
Sun Microsystems, Inc.