Exodus: this is bad
Edward S. Marshall
emarshal at logic.net
Tue Nov 17 02:34:00 UTC 1998
On Mon, 16 Nov 1998, Richard Irving wrote:
> This appears to be a concerted effort. This type of attack
> is propogating to new origin IP's by the hour. There seems to
> be a pattern forming....
Has anyone considered that this might be a worm?
The attacked hosts have all exhibited the same characteristics: stock Red
Hat 5.1 install, running (probably) the stock named that came with it,
which is a known vulnerable bind release. There are a -lot- of these boxen
out there.
Plus, the mechanical attacks on particular ports.
This sounds fairly automated to me...but hey, what do I know? ;-)
--
Edward S. Marshall <emarshal at logic.net> /> Who would have thought that we -o)
http://www.logic.net/~emarshal/ // would be freed from the Gates of /\\
Linux Weenie, Open-Source Advocate </ hell by a penguin named "Tux"? _\_v
More information about the NANOG
mailing list