Exodus: this is bad

• Previous message (by thread): Exodus: this is bad
• Next message (by thread): Exodus: this is bad
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 16 Nov 1998, Richard Irving wrote:
>   This appears to be a concerted effort. This type of attack
> is propogating to new origin IP's by the hour. There seems to
> be a pattern forming....

Has anyone considered that this might be a worm?

The attacked hosts have all exhibited the same characteristics: stock Red
Hat 5.1 install, running (probably) the stock named that came with it,
which is a known vulnerable bind release. There are a -lot- of these boxen
out there.

Plus, the mechanical attacks on particular ports.

This sounds fairly automated to me...but hey, what do I know? ;-)

-- 
Edward S. Marshall <emarshal at logic.net> />  Who would have thought that we  -o)
http://www.logic.net/~emarshal/        // would be freed from the Gates of  /\\
Linux Weenie, Open-Source Advocate    </    hell by a penguin named "Tux"? _\_v

• Previous message (by thread): Exodus: this is bad
• Next message (by thread): Exodus: this is bad
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]