Made in Romania... damn, that rings a bell...

The solution against these types of attacks (as we handle them pretty much, since I'm a Romanian sysadmin of Astral Telecom) is knowing pretty much what you're doing with your hosts.allow and hosts.deny files, forbidding access to all IPs on every service, if possible filtering all the services you need to provide and closing all the others... and especially, use the grsecurity patches for your kernel (www.grsecurity.org), patches that make your kernel invulnerable to most Romanian exploits, which are based either on rpc overflow, ssh overflow or wu-ftpd overflows.

For everyone on the list, if you need other examples of Romanian rootkits/exploits, for you to analyse and learn how to defend yourself, please don't hesitate to contact me at my private address.

Alexandru Frangeti,
SysAdmin
Astral Telecom SA.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Oct 03 2002 - 10:05:03 PDT