Security Incidents mailing list archives
Taiwan server compromise
From: claudiuc () METROPOLIS ESENTIAL RO (Claudiu Costin)
Date: Fri, 26 May 2000 10:47:46 +0300
Hi all,

I've noted more AXFRs from a commercial Taiwan site. After an nmap scan I found more services open, especially telnet. In a few steps, using the home page email address (which has the same password as the login name), I tried to telnet. Surprise! Even a password wasn't necessary. Looking in /etc/passwd I found as the last line a user (cracker :) account with uid=0.

What can I do? I don't have experience with these situations.

P.S.
1) I did not try to "verify" the weakness for the rest of the accounts, but who knows?
2) I sent a mail to the "service" account explaining the compromise.

regards,
--
Claudiu COSTIN <claudiuc () metropolis esential ro>