
RE: [cobalt-security] RaQ2 Hacked within 1 day of being online



KD - I doubt this hack was accomplished through any daemon exploit, as a
buffer overflow requires working shellcode. It is doubtful that the hacker
would have known to use MIPS shellcode if he didn't know to use MIPS
binaries. Maybe they are doing brute force password guessing? How many
login errors do you have?
PA - Only 3 login errors and then files start being changed/made.

KD - Consider the possibility that this is an inside job. Could one of your
customers / employees / former employees be doing this?
PA - Probably not an inside job, as I am the only one here with my company;
also, the ISP where it's co-located has not hired/fired anybody new in the
last 8-10 months. IPs show the hits to mine are from Canada, and one of my
ISP's Cobalts has been hit and the IP for theirs shows Europe.


_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security