Firewall Wizards mailing list archives
Re: [Fwd: SANS Flash Alert For Solaris]
From: James Triplett <james () mail th net>
Date: Tue, 4 Jan 2000 23:15:48 -0500
On Tue, Jan 04, 2000 at 03:08:49PM -0800, Peter J Dinauer wrote:
> The hunt is on . . . .
>
> Received: from SpoolDir by ROADRUNNER (Mercury 1.44); 4 Jan 00 13:10:19 pst8pdt
>
> If you have a lot of experience with software that is still a bit green, you could really make a contribution to the community by running and testing the scanning program. If you are less experienced you might want to delay a day or two. But don't delay long, the tool may have a short life span, as the attackers will begin to modify the trojan code to evade detection.
>
> Where to find the software:
> The host-based tool from NIPC may be found at: http://www.fbi.gov/nipc/trinoo.htm
I suppose this is legit. However, they are asking us to run AS ROOT, some unknown executable on all our important systems. Goes against the most basic security procedures! No source provided, no way to ensure that this isn't just another trojan... (even the fbi.gov site could be hacked, and anyway how do they know what is in the executable?)

James