Cracked DEC machine
Actually, the cracker was found fairly soon after he got access; he
started working on other computers on campus. We had a power outage on
Sunday and I'm pretty sure he did not crack our system until after that
power outage. When I came in Monday morning, someone in a nearby lab had
unplugged the computer from the ethernet and left me the news that someone
was trying to break into his machine from our machine. He cracked through
a hole in CDE and the tooltalk RPC service. An advisory was put on CERT
in September, but I didn't see it. Of course, DEC isn't even listed on
the warning. Nice job DEC (or should I say Compaq). There is a fix at
DEC/Compaq. There are several other systems listed at:
TED is also affected in the off chance anyone has that installed.
I'm still not sure how they got into the NetBSD machine. I imagine it was
through sendmail or finger. I was just playing around, but I should have
known better. Maybe after my general exam I'll try again. I suspect
these guys were interested in putting eggbots everywhere as we had been
cracked 6 months ago and an eggbot placed on the system. Another DEC
system had an eggbot on their system also this time around.
I guess I'll have to subscribe to comp.security.announce now.
On 4 Feb 1999, Unfurl wrote:
> On Thu, Feb 04, 1999 at 09:29:40AM -0800, M. Kokaly wrote:
> > I was actually thinking about this when I wasn't busy trying to figure out
> > how a cracker broke into our DEC Unix station -> What a pain that's been.
> > Unfortunately, I'm also trying to prepare for my general exam, when it
> > rains, it pours. What a time for our system to get hacked.
> Ouch. Did you find the cracker by accident or by damage he created?
> > Incidentally,
> > I was playing with NetBSD on a Mac and just quickly installed it and put
> > it on the net without doing much, just playing around. It was cracked by
> > the next morning. Arrgh! Anyway, my FreeBSD machine is currently off the
> > net as I double check all security on that and finally begin to use TCP
> > wrappers.
> How did they get into your NetBSD box? TCP wrappers are a really good
> idea. Even if you never expect to get attacked it is nice to have all of
> the logs available.
> > P.S. The culprit on the DEC Unix appeared to be a bug in CDE. Bye Bye
> > CDE. There is a fix, but I hate CDE anyway.
> Which bug was it? Do you know if it was DEC specific?
> I hate CDE too. My desktop at work is a Sparc5 running Solaris. Luckily
> Windowmaker runs just fine on it :)
> email@example.com - This is a munition. Fight Back!
> #!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
> $/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1