nph-traceroute

Karyn Ulriksen Karyn at Broadspire.com
Mon Apr 14 17:45:49 UTC 2003


Hi All,

  I know that there are quite a few of you out there that are using the
nph-traceroute scripts on your servers.  A script kiddie has discovered that
it's a vulnerable script and is actively searching through Google for sites
that are using this.  It's kind of stupid because he just has www
privileges, but it has proved to be annoying.  I know I should have plugged
mine a while back and had planned to, but you know... the cobbler's
children are barefoot and the shrink's wife is crazy.

  If you need a handy regex for checking if your Perl-based nph-traceroute
or nph-ping is getting a domain or IP, let me know, I'll be happy to send it
your way.  The guy didn't think twice about doing a rm -rf / on all the
website user/group content.  Check your logs for quiet.unixman.org.

Karyn
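
An added example, not part of the original post and not the regex the poster offers: one way a Perl CGI wrapper can check that its host parameter is only a domain name or an IPv4 address before running traceroute. It assumes the script hands a form parameter to the traceroute binary; the names is_valid_host and traceroute_lines, the binary path and the sample inputs are all made up for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# True only for a dotted-quad IPv4 address or a plain DNS hostname.
# Input is rejected, never "cleaned". IPv6 is not handled here.
sub is_valid_host {
    my ($host) = @_;
    return 0 unless defined $host;
    return 0 unless length($host) >= 1 && length($host) <= 253;

    # \A and \z anchor the whole string; unlike $, \z does not
    # tolerate a trailing newline.
    if ($host =~ /\A([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\z/) {
        return (grep { $_ > 255 } $1, $2, $3, $4) ? 0 : 1;
    }

    # Labels: letters, digits, hyphens; 1-63 chars; no leading or
    # trailing hyphen, so the value can never look like an option.
    my $label = qr/[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?/;
    return $host =~ /\A$label(?:\.$label)*\.?\z/ ? 1 : 0;
}

# Assumed path; adjust for the local system.
my $TRACEROUTE = '/usr/sbin/traceroute';

sub traceroute_lines {
    my ($host) = @_;
    die "rejected host parameter\n" unless is_valid_host($host);
    # List-form open runs the program directly, with no shell to
    # interpret metacharacters in the argument.
    open(my $fh, '-|', $TRACEROUTE, $host)
        or die "cannot run $TRACEROUTE: $!\n";
    my @out = <$fh>;
    close $fh;
    return @out;
}

# Constructed sample inputs, not taken from any real log.
for my $input ('example.net', '192.0.2.10', '192.0.2.999',
               'example.net; echo x', '-f', 'a|b', "example.net\n") {
    (my $shown = $input) =~ s/\n/\\n/g;
    printf "%-22s %s\n", $shown, is_valid_host($input) ? 'accept' : 'reject';
}
```

The validation and the shell-free invocation are independent layers: either one alone stops shell metacharacters in the parameter from being interpreted, and the validation also keeps option-like values away from traceroute.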


