On 29-Sep-98 Charl Botha wrote: > On Mon, 28 Sep 1998, Dan Stromberg wrote: >> We've had a lot of script kiddies running an exploit against our campus, >> that checks for accounts that are passwordless by default in IRIX 6.2 - >> like 4Dgifts, EZsetup, and so on. I've seen indications this isn't >> limited to our campus... > > Have a look at www.nessus.org -- Nessus is a network security tool that > definitely scans for these default accounts. Well, in fact there is a bug in the current version which will boost your adrenaline for nothing : some accounts are said to be passwordless, whereas they are not. I suggest that you use the work-in-progress version instead, (available at http://www.nessus.org/wip/) which corrects this problem and adds several new checks (there are now 109 plugins in Nessus). -- Renaud -- Renaud Deraison <deraisonat_private> The Nessus Project -- http://www.nessus.org http://www.{fr,fi,jp}.nessus.org
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:18:09 PDT