
Re: [cobalt-security] Am I missing something here



On Wednesday 13 March 2002 01:10 pm, Steve Mansfield wrote:
> Over the last 2 weeks we have had 6 Cobalts on our network HACKED!!! One
> was even hacked then taken down to be reloaded on a Saturday afternoon
> and by the Saturday night had been done again. They have been a mixture
> of raq3 & 4's which have all been fully patched to the hilt and with a
> few other security features added to the backend. WHAT'S GOING ON WITH
> THESE THINGS!!
>
> Behind a firewall they are fairly safe (but getting them to work in the
> first place is a nightmare), but without that security they are about
> as safe as a drunk with a box of matches. A brand spanking new raq4 went
> on to the network yesterday and by this morning it was about as useful
> as a chocolate teapot. Someone had got root access, taken off the latest
> patches and put his own version of SSH on the box. I am fully aware of a
> stint last year when even a Cobalt engineer told me that there had been
> a spate of hacks that they didn't know how to fix!!!!
>
> Not that I expect too much of an answer from this email, but if there is
> a group of people that should know about these issues it's the mailing
> list and COBALT themselves. Does anybody at Cobalt (sorry, I should say
> SUN) actually care!!!

I have had a lot of ssh protocol 1 scans.
You are running ONLY protocol 2, aren't you?
And you are running 3.1p1?
-- 
Gerald Waugh
New Haven, Connecticut USA
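
One way to run the check asked about in this reply, as an added example that is not part of the original message: it reads the `Protocol` directive from an sshd_config and classifies a server identification banner. The function names, the sample config and the sample banner are constructed for illustration, and the "2,1" fallback for a missing directive is an assumption about sshd defaults of that era.

```shell
#!/bin/sh
# Added example: does this sshd still offer SSH protocol 1?

# effective_protocol FILE -> the Protocol value sshd would use.
# sshd keywords are case-insensitive and the first occurrence wins.
# ASSUMPTION: an absent directive is reported as "2,1" (era default).
effective_protocol() {
    awk '
        $1 ~ /^#/ { next }                      # skip comment lines
        tolower($1) == "protocol" {
            v = ""
            for (i = 2; i <= NF; i++) v = v $i  # join "2, 1" into "2,1"
            print v; found = 1; exit
        }
        END { if (!found) print "2,1" }
    ' "$1"
}

# allows_v1 VALUE -> exit status 0 if the comma list includes protocol 1.
allows_v1() {
    case ",$1," in
        *,1,*) return 0 ;;
        *)     return 1 ;;
    esac
}

# banner_protocols BANNER -> protocols implied by the identification string.
# SSH-1.99-* means the server accepts both 1 and 2; SSH-2.0-* means 2 only.
banner_protocols() {
    case "$1" in
        SSH-1.99-*) echo "1+2" ;;
        SSH-2.0-*)  echo "2" ;;
        SSH-1.*)    echo "1" ;;
        *)          echo "unknown" ;;
    esac
}

# audit_config FILE -> one-line verdict for the config file.
audit_config() {
    p=$(effective_protocol "$1")
    if allows_v1 "$p"; then echo "FAIL: Protocol $p (protocol 1 enabled)"
    else echo "OK: Protocol $p"; fi
}

# Constructed sample input: a config that still offers protocol 1.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'Port 22' 'Protocol 2,1' > "$sample"
audit_config "$sample"
banner_protocols "SSH-1.99-OpenSSH_3.1p1"   # constructed banner
rm -f "$sample"
```
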