North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: OT: Earthlink Contact - Important Root Hacked

  • From: Valdis.Kletnieks
  • Date: Fri Jul 07 16:00:25 2000

On Fri, 07 Jul 2000 12:46:12 PDT, "K. Graham" <[email protected]>  said:
> This exploit was used on us and we would like to remove any likelihood
> of others being compromised.   The exploit is in the hands of the people
> at rootshell.

Umm.. is this a *new* exploit that the rootshell people have been given, but
isn't in general circulation yet?

If it's already available at rootshell, you should assume that every script
kiddie on the planet has a copy, and start patching your systems.  Unless
you've been VERY lucky and are one of the first dozen or so machines to have
been targeted by a brand-new exploit, removing the copy that's at earthlink
is just urinating into the wind.

Note - this is *NOT* saying that the Earthlink machine doesn't need cleaning
up - just that the *exploit* is almost certainly widespread enough that removal
of the one copy won't change the fact it's out there and will be used on others.

-- 
				Valdis Kletnieks
				Operating Systems Analyst
				Virginia Tech

Attachment: pgp00015.pgp
Description: PGP signature