[lug] I wish RH users would secure...
D. Stimits
stimits at idcomm.com
Tue Apr 17 12:27:26 MDT 2001
I try to track the machine type and other info of every machine that
attempts to get into mine locally. Earlier today I found an ftp-based
attack (failed of course) from a RH 6.2 machine that had been cracked.
In addition to that machine being used to attempt cracking other
machines (mine), it had been defaced. What I found was this on their web
site:
Defaced by macwiz and mirinda of Silver Lords.SAVE KASHMIR!!! Contact us
at silverlords at yahoo.com
Although it will do no good, I forwarded the info to yahoo.com. A search
for silverlords showed this:
http://google.yahoo.com/bin/query?p=silverlords&hc=0&hs=0
It appears that these people are root kitting and defacing all over the
world, and since I saw an ftp test, I assume that ftp exploits are their
main attack.
Now since 90% of all machines that attack mine and that are probably
cracked are RH 6.2, I *really really really* would like to see all RH
users follow the security email list from RH (it gets tiring to see the
number of RH machines used to attack others). If you are a RH user and
permanently connected to the net, you *will* get cracked if you dont'
udpate and secure. Even if you are on a dialup, if you are around more
than a few minutes, chances are high you will get cracked also, even in
a few minutes, especially if you have a line faster than 56k.
Please go to www.redhat.com and subscribe to their email lists if you
run RH. Some useful links:
http://www.redhat.com/support/errata/
http://www.redhat.com/support/errata/rh62-errata-security.html
D. Stimits, stimits at idcomm.com
More information about the LUG
mailing list