[cobalt-security] Re: Re: Code Red Special Effects (WAS: Hacking my Raq4i???)



Okay, the flamethrower is off.

First, let me apologize to those that do their jobs, instead of the things I
alleged they did.  I suppose I need to take up the noisome habit of
including 'emoticons' to show when my tongue is firmly in my cheek.

As to my rant, well...after 350K mail messages to 16 of my 30 3rd-rank ISP
clients as a result of a similar script as Wampy and Ted were postulating, I
was a bit snowed under.  Such measures ARE worse than the disease they
purport to cure.

What's really maddening, on a 'security list', is that none of the 'pros'
here suggested the obvious course of action:  join dshield.org, list your
membership in the 'FightBack!' club and let them handle it. The URL is:
http://dshield.org/signup.html
Make sure to check the last box on the form.  Then, go get one of the log
harvester scripts, set up ipchains or iptables (depending on your kernel
version) and set a cron job to send your logs to them.  You're done.

As to the other insecurities that I mentioned, the vuln lists can be signed
up for if you join SANS (http://www.sans.org) or begin to treat Google as
your friend.  Also, SecurityFocus.com runs a mass mailing list sign-up page,
or you can go to the ICAT and search (http://icat.nist.gov/icat.cfm).

Thanks to Ted for pointing out my mistakes.  I really AM showing my age!  I
plead stress, perl overload and temporary insanity brought on by CPAN
overexposure.

What I think Wampy and others might want to do that would be HIGHLY
appreciated by the community is to start a CobaltSIG site...call it the
sclera.org (Sun Cobalt Linux in the Enterprise Renovation Activity),
bluegreenlin.org,  or some other off-the-wall and tongue-in-cheek name, not
overtly compromising Sun or Cobalt's trademarks.  Make it a fun place to
learn how to check and update boxen that Sun seems to have forgotten they
sell.  I would pay USD$20 a year for membership in such a group.  Run it w/
PHPNuke, or uPortal, or Velocity, with a Jive or UBBS back-end.  Become the
site of authority where Cobalt owners and operators go to get the REAL
scoop, and learn how to run their rather weird, but appealing little boxen.

Again, apologies to those who took offense at my unprofessional postscript.
I plead insanity.  I know that doesn't excuse it, but 350K separate emails
to my inbox (along with panicked clients and broken little blue boxen) tend
to stress this old guy.


Michael J. Cannon
mailto:mcannon@xxxxxxxxxxxxxx