Re: [cobalt-security] Qubes - hacked
- Subject: Re: [cobalt-security] Qubes - hacked
- From: Gerald Waugh <gwaugh@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 30 Apr 2003 23:05:30 -0400
- Organization: Front Street Networks LLC
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Tuesday 29 April 2003 12:53, Harald Kapper wrote:
> hi
> my 2cents here:
>
> I also saw recently a Q3 hacked (while it was not ours it was a
> not-yet-customer's one).
>
> it basically had its firewall disabled (no one afterwards knew why :-))
> and virtually everything was infected with ELF/Rst.B
>
> which opens backdoors and the like.
>
> anybody got an a) idea how it comes?
> and b) if there is someone at sun that could make an educated analysis of
> logfiles in order to show how / what happened?
>
You have to be very careful with Qubes2/3 and SMB.
If SMB is accessible through the Internet, not only the Qubes but the
workstations on the private net are accessible.
Firewall SMB for sure!
Gerald
--
http://frontstreetnetworks.com | http://store.raqware.com
ICQ: 229276628 | AIM handle: raqware
Front Street Networks LLC | Phone: 203-785-0699
229 Front Street, Suite C, New Haven, CT 06513-3203