[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ossig] Re: [slugnet] Warning !!! Security Hole in Samba server

To: gazy@photoforum.org, msmkl@yahoogroups.com, slugnet <slugnet@lists.lugs.org.sg>, ossig <ossig@mncc.com.my>, vlee yahoogroups <vlee@yahoogroups.com>, dialogic <dialogic@yahoogroups.com>
Subject: [ossig] Re: [slugnet] Warning !!! Security Hole in Samba server
From: Vincent Lee <leehongfay@yahoo.com>
Date: Wed, 30 Apr 2003 19:59:52 +0100 (BST)
In-reply-to: <200305010219.20882.gazy@photoforum.org>
Reply-to: ossig@mncc.com.my
Sender: owner-ossig@mncc.com.my

hi gazy,
fully agree... yes.. will use ipchains to filter the
traffic, and only enable minimal network services.

After my machine was broken into, I detected some
constant network connections to the following IP
addresses

81.182.40.93 and 216.194.161.130 and 210.187.110.18

I believe the hacker's program works on redhat 9.0.

cheers
Vince




 --- Gazy <gazy@photoforum.org> wrote: > 
-----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Thursday 01 May 2003 02:05 am, Vincent Lee wrote:
> > Hi Guys,
> >
> > Just a warning, one of my servers has been hacked
> by a
> > joker who exploited the latest samba server
> > vulnerability (which was released on Apr 10th).
> The
> > fella promoted himself as the root user, and was
> > running psyBNC and irc server .......
> 
> Maybe you should have a firewall to deny external
> SMB
> traffic to your servers? Internal users still can
> hack though,
> but you can always strangle them or even be lenient
> enough
> to crucify them on a Cross.
> 
> >
> > Just an alert to all.. good luck !!!
> >
> > Best regards,
> > Vincent
> >
> > =====
> > ---------------------------------------------
> > http://vlee.net/       mailto:vlee@vlee.net
> > ---------------------------------------------
> >
> > __________________________________________________
> > Yahoo! Plus
> > For a better Internet experience
> > http://www.yahoo.co.uk/btoffer
> >
> >
>
---------------------------------------------------------------------
> > To unsubscribe, e-mail:
> slugnet-unsubscribe@lists.lugs.org.sg
> > For additional commands, e-mail:
> slugnet-help@lists.lugs.org.sg
> 
> - -- 
> Raymond 'Gazy' Ng
> Director, Photoforum, http://www.photoforum.org
> Moderator, SME Funding Links,
> http://groups.yahoo.com/group/smefundinglinks
> PGP : http://www.photoforum.org/signature/gazy.asc
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
> 
>
iD8DBQE+sBOmszXh7hjw3toRAmqMAKDE/gBZ6AfDCq81UQWTtT3hnCklIgCg12rQ
> k0b27LJEz6TTQg99GJAp5AU=
> =F4r7
> -----END PGP SIGNATURE-----
> 
> 
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> slugnet-unsubscribe@lists.lugs.org.sg
> For additional commands, e-mail:
> slugnet-help@lists.lugs.org.sg
>  

=====
---------------------------------------------
http://vlee.net/       mailto:vlee@vlee.net
---------------------------------------------

__________________________________________________
Yahoo! Plus
For a better Internet experience
http://www.yahoo.co.uk/btoffer

------------------------------------------------------------
To unsubscribe: send mail to ossig-request@mncc.com.my
with "unsubscribe ossig" in the body of the message

Prev by Date: [ossig] Warning !!! Security Hole in Samba server
Next by Date: [ossig] RE: [slugnet] Warning !!! Security Hole in Samba server
Previous by thread: [ossig] Warning !!! Security Hole in Samba server
Next by thread: [ossig] RE: [slugnet] Warning !!! Security Hole in Samba server
Index(es):
- Date
- Thread