resolved Re: should i publish a list of cracked machines?

Kevin Houle kjh at cert.org
Thu Aug 23 17:41:42 UTC 2001


--On Thursday, August 23, 2001 12:39:21 -0400 Jim Mercer <jim at reptiles.org> 
wrote:

> my suspicions and some things to look for:
>
> - boxes were comprimised using the buffer overflow in telnetd
> (speculation)

The CERT/CC is aware of some level of automated exploitation of
the recently described telnetd vulnerability. If folks have yet
to patch systems for that particular vulnerability, it would be
a good thing to spend time doing. We've seen it used to deploy
DDoS-capable tools, for example.

More info on the vulnerability at:

 http://www.kb.cert.org/vuls/id/745371

Kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20010823/5313bbdf/attachment.sig>


More information about the NANOG mailing list