Buffer overflow attack ?

Spiros Bolis sbolis at freemail.gr
Sun Aug 29 16:30:43 EEST 1999


At 02:35 ìì 29/8/1999 , you wrote:
>Gia apache 1.3.6 pithanon ontws na sou ekanan buffer overflow opws epishs
>kai an xrhsimopoieis netscape server pou exoun "100% problem.
Sketo Apache 1.3.6 apo RPMs .

>Oso gia to an
>petyxe to stoxo tou , tha mas bohthouses perissotero an ekanes ena
>netstat -a |grep LISTEN gia na doume an yparxei kapoio open port created
Ta mona poy den 3erw einai ta services stis portes 1000toso poy einai 
non-priviledged bebaia, alla eimai mesa me telnet, trexei kai o web server 
opote isws einai kapoio port forwarding. To 1004 me anhsyxei ligo [to 6000 
einai kapoio ODBC-sxetiko h h MySQL , de thymamai sigoyra]

% > netstat -a | grep LISTEN
tcp        0      0 
*:1039                  *:*                     LISTEN
tcp        0      0 
*:1038                  *:*                     LISTEN
tcp        0      0 
*:1037                  *:*                     LISTEN
tcp        0      0 
*:1036                  *:*                     LISTEN
tcp        0      0 
*:1035                  *:*                     LISTEN
tcp        0      0 
*:1034                  *:*                     LISTEN
tcp        0      0 
*:1025                  *:*                     LISTEN
tcp        0      0 
*:6000                  *:*                     LISTEN
tcp        0      0 
*:nntp                  *:*                     LISTEN
tcp        0      0 
*:netbios-ssn           *:*                     LISTEN
tcp        0      0 
*:mysql                 *:*                     LISTEN
tcp        0      0 
*:www                   *:*                     LISTEN
tcp        0      0 
*:smtp                  *:*                     LISTEN
tcp        0      0 
*:1004                  *:*                     LISTEN
tcp        0      0 
*:printer               *:*                     LISTEN
tcp        0      0 
*:ssh                   *:*                     LISTEN
tcp        0      0 
*:domain                *:*                     LISTEN
tcp        0      0 
*:linuxconf             *:*                     LISTEN
tcp        0      0 
*:auth                  *:*                     LISTEN
tcp        0      0 
*:finger                *:*                     LISTEN
tcp        0      0 
*:poppassd              *:*                     LISTEN
tcp        0      0 
*:pop-3                 *:*                     LISTEN
tcp        0      0 
*:login                 *:*                     LISTEN
tcp        0      0 
*:shell                 *:*                     LISTEN
tcp        0      0 
*:telnet                *:*                     LISTEN
tcp        0      0 
*:ftp                   *:*                     LISTEN
unix  0      [ ACC ]     STREAM     LISTENING     1045   /tmp/.X11-unix/X0
unix  0      [ ACC ]     STREAM     LISTENING     800    /tmp/.font-unix/fs-1
unix  0      [ ACC 
]     STREAM     LISTENING     776    /var/lib/mysql/mysql.sock
unix  0      [ ACC ]     STREAM     LISTENING     587    /dev/printer
unix  0      [ ACC ]     STREAM     LISTENING     1071   /tmp/.ICE-unix/708
unix  0      [ ACC ]     STREAM     LISTENING     73684  /dev/log
unix  0      [ ACC ]     STREAM     LISTENING     900    /var/run/news/nntpin


>meta to attack h koitaxe epishs mhpws exoun peiraxtei login,telnetd kai
>alloi daemons (Use tripwire kanei douleia)

Eida ligo ta RPMs kai de moy fanhke tipota peiragmeno. Twra fysika den exei 
nohma na balw to tripwire giati den eixw checksums apo prin. Ta logs (last, 
daemons k.o.k) poy eida den exoyn tipota periergo alla fysika borei na 
exoyn alloiwthei. (Twra ektimw thn odhgia toy tripwire poy leei "krata th 
database se safe medium px. disketa")

>Auta gia perissotera infos me personal e-mail....
>Euxaristw
>
>Reply on : Cyberia at hack.gr

O,ti idees exeis poly eyxaristws tha ithela na tis diabasw alla apo th 
stigmh poy esteila mail sth lista isws endiaferei kai ta alla paidia opote 
protimhsa na apanthsw sth lista

kai.....egw eyxaristw :-) ,


Spiros D. Bolis
--
====================================================================
Gia boithia (h na diagrafhte) e-mail sto majordomo at hellug.gr
Ta archives tis listas einai sto http://lists.hellug.gr/archives
prin steilete kapoia erothsh psakte mipos exei hdh apanththei.
Gia opoiodipote problima stilte e-mail ston owner-linux-greek-users at hellug.gr
====================================================================



More information about the Linux-greek-users mailing list