Security Incidents mailing list archives
Re: Linuxconf scanning
From: "Granquist, Lamont" <lamont () ICOPYRIGHT COM>
Date: Tue, 22 Aug 2000 13:34:42 -0700
AFAIK you win the prize for the first person to publically report that a linuxconf version is remotely exploitable. Public information to-date (well as of a few months ago when I last checked) indicated that linuxconf was not vulnerable (at least in RH6.x) and that the linuxconf scanning that was reported was likely just OS detection or an exploit for an outdated version. If anyone has updated info, it'd be appreciated. On Mon, 14 Aug 2000, Jim Roland wrote:
Forget getting any further response from them. I sent a message to them when a RedHat 6.1 box I had was scanned and compromised with linuxconf (I closed the hole quickly) a customer of mine. I got the automated response they received my email, but nothing further from them ever again. That was over 3 months ago. Looks like the same guy is up to his old tricks again. Good Luck, Jim On Thu, 10 Aug 2000, Brian Sommers wrote:Date: Thu, 10 Aug 2000 15:11:43 -0500 From: Brian Sommers <brian.sommers () CNALIFE COM> To: INCIDENTS () SECURITYFOCUS COM Subject: Re: Linuxconf scanning Just recently I did get a manual response from bora.net; I had sent a notice to both help () bora net and ipadm () bora net and received a reply that they were investigating. The message signature also had the following: ------------------------------ Security Staff, BORANet/DACOM E-mail : security () bora net phone : +82 2 6220 7413 fax : +82 2 6220 0340 -----------------------------------Original Message----- From: Dan Hollis [SMTP:goemon () ANIME NET] Sent: Wednesday, August 09, 2000 5:33 PM To: INCIDENTS () SECURITYFOCUS COM Subject: Re: [INCIDENTS] Linuxconf scanning On Tue, 8 Aug 2000, James Hoagland wrote:APNIC was having connection problems yesterday but I managed to get through to find out it was a Korean address and got b0048228 () users bora net as the contact adress from KRNIC. The IP seems to be part of BORANET in Kyongnam, Korea. I also e-mailed abuse () bora net. I haven't gotten any replies but haven't gotten any bounces either.bora.net never answers. i don't know if it is a language barrier or if bora.net is black hat, but it's enough for me to blackhole all of their IP space. -Dan
Current thread:
- Linuxconf scanning Ian Eure (Aug 08)
- Re: Linuxconf scanning jeff keith (Aug 09)
- Re: Linuxconf scanning James Hoagland (Aug 09)
- Re: Linuxconf scanning Dan Hollis (Aug 10)
- <Possible follow-ups>
- Re: Linuxconf scanning Frank Dauer (Aug 09)
- Re: Linuxconf scanning Brian Sommers (Aug 13)
- Re: Linuxconf scanning Jim Roland (Aug 14)
- Re: Linuxconf scanning Granquist, Lamont (Aug 22)
- Re: Linuxconf scanning Jim Roland (Aug 14)
- Re: Linuxconf scanning Granquist, Lamont (Aug 24)
- Re: Linuxconf scanning Jon Lewis (Aug 24)
- Re: Linuxconf scanning St. Arnaud, Jon (Aug 25)