Bugtraq mailing list archives
identd hole?
From: blh () nol net (Brett L. Hawn)
Date: Mon, 15 Jul 1996 17:57:36 -0500
Lately I've heard rumours about this 'identd' hole in RFC1413; we've seen this abused on IRC several times in recent days. Then today I had someone claim they had the root password on my machine at home. So I telnetted in, changed it and waited since he claimed he was going to hack it. Apparently he did because I caught him with a login process which I promptly killed, then being rather peeved I /kill'd him on IRC. This apparently pissed him off even more so he re-hacked my machine and brought it down. At this time I'm not even sure if it's revivable as I've not had a chance to check it; all I know is that it's dead in the water currently.

Right after that I did a netstat -n on the machine I was on at work. Voila.. there were about two dozen connections from his IP (I checked) to my identd port (113). Now I'm guessing that Solaris 2.5x86 doesn't have the same bug or I caught it in time since I saw no adverse effects on that machine. The machine affected (and killed) was a Linux 2.0.0 machine, but I have heard of many other machines of random type being affected in such a manner.

Aleph-1 mentioned that it might be a sendmail overrun bug if the connections were to HIS ident port but they were not. All the same this bug is also news to me (I'm fairly new to bugtraq) and I can only assume that this also has been used in the past(?). My current sendmail on *all* of my machines is 8.7.5 but I'm willing to bet that there are already hacks to that one as well.

[-] Brett L. Hawn (blh () nol net) [-]
[-] Networks On-Line - Houston, Texas [-]
[-] 713-467-7100 [-]
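Added example, not part of the original post: a small Python script that performs the `netstat -n` check described above, tallying inbound connections to the local ident port (113) per remote address and ignoring outbound connections to someone else's ident port. The sample output, the addresses and the threshold of 3 are constructed assumptions; both Linux-style (`addr:port`) and Solaris-style (`addr.port`) lines are handled.

```python
import re
from collections import Counter

IDENT_PORT = 113

# Constructed sample input (documentation addresses), not output from the post.
# The "tcp" lines are Linux-style "addr:port"; the last two are Solaris-style "addr.port".
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:113          198.51.100.7:1042       ESTABLISHED
tcp        0      0 192.0.2.10:113          198.51.100.7:1043       TIME_WAIT
tcp        0      0 192.0.2.10:113          198.51.100.7:1044       ESTABLISHED
tcp        0      0 192.0.2.10:23           203.0.113.5:2301        ESTABLISHED
tcp        0      0 192.0.2.10:1055         203.0.113.9:113         ESTABLISHED
192.0.2.20.113       198.51.100.7.1050     8760      0  8760      0 ESTABLISHED
192.0.2.20.25        203.0.113.5.2400      8760      0  8760      0 ESTABLISHED
"""

# IPv4 address, then ':' (Linux) or '.' (Solaris), then the port number.
ENDPOINT = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})[:.](\d{1,5})$")

def parse_endpoint(field):
    """Return (ip, port) for an address field, or None for anything else."""
    m = ENDPOINT.match(field)
    return (m.group(1), int(m.group(2))) if m else None

def ident_clients(netstat_text, port=IDENT_PORT):
    """Count connections whose LOCAL port is the ident port, per remote IP."""
    counts = Counter()
    for line in netstat_text.splitlines():
        # Of the fields that parse as addr+port, the first is local, the second remote.
        endpoints = [e for e in map(parse_endpoint, line.split()) if e]
        if len(endpoints) != 2:
            continue  # header, listener with wildcard peer, or unrelated line
        (_, local_port), (remote_ip, _) = endpoints
        if local_port == port:
            counts[remote_ip] += 1  # any TCP state counts, including TIME_WAIT
    return counts

def noisy_clients(netstat_text, threshold=3):
    """Remote IPs with at least `threshold` connections (threshold is an assumption)."""
    return [(ip, n) for ip, n in ident_clients(netstat_text).most_common()
            if n >= threshold]

if __name__ == "__main__":
    for ip, n in noisy_clients(SAMPLE_NETSTAT):
        print(f"{ip}: {n} connections to port {IDENT_PORT}")
```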