Buffer overflow attack ?
Spiros Bolis
sbolis at freemail.gr
Mon Aug 30 12:32:02 EEST 1999
> So there is no need to worry, it is most likely some script kiddie
>(who else would try an IIS hack on Apache). Of course, if you have a machine
>with IIS around there, without the patches for this buffer overflow, then
>start running.....
That was very pleasant for my eyes. I also found, at
http://www.eeye.com/database/advisories/ad06081999/ad06081999-exploit.html
code and usage.
Thank you. I have calmed down (for now).
And I will warn every acquaintance I have with IIS (far from us, touch wood :-] )
> > >netstat -a |grep LISTEN to see whether there is any open port created
> > The only things I do not know are the services on the 1000-something ports, which are
[..]
> I will stress that in general it is a BAD idea to send information about
>your machine to public lists; that is, if I asked you for the root password
>to see whether the script kiddie succeeded with the exploit, would you send it ??????
Now you are disappointing me.... it seems you did not look closely at my first
posting, where I sent a piece of a log file without IPs, dates, referers etc.
Also, nowhere did I send which machine(s) was (were) involved.
> Consider that whoever tried to get into your machine may also be
>on this list (without meaning to offend anyone), or someone else
>will gain enough information about your setup to try to get in.
Of course I thought about it (especially since the list is also read via
newsfeed), and in part I can say I did it also to give notice (in general) that
I report such events even when they are unsuccessful (I already have an
incident report number). Also, as far as I can think, the information I gave
is not significant information, because you can find it with a sniffer, so to
speak.
>So think next time before you do something hastily.....
I am among the first who do not want to continue (or start) flames,
and for that reason I do not consider that when you write "think" you write it
in bad faith (e.g. you are so stupid that you cannot think about what you are doing).
Besides, I understand that you wanted (and want) to help someone who does not
know something that you know, which is why you took the trouble with my mail.
[If I tell you that from the netstat -a |grep etc. output I cut some lines
related to IPs, to lock files related to users' usernames, and so on,
would you still have the same opinion?]
> > >after the attack, or also check whether login, telnetd and
> > >other daemons have been tampered with (Use tripwire, it does the job)
> >
> > I had a quick look at the RPMs and nothing seemed tampered with to me.
> > Now of course there is no point in installing tripwire, because I had no
> > checksums from before. The logs (last, daemons and so on) that I looked at
> > have nothing strange, but of course they may have been altered. (Now I
> > appreciate the tripwire instruction that says "keep the database on a safe
> > medium, e.g. a floppy disk")
>
> Checksums are useful; however, someone who got into your machine could
>easily see to it that the changed files still have the same
>checksums, so it is not something you can rely on.
> This does not mean that tripwire is useless, just never assume that,
>since tripwire did not complain, you are secure.
>
> The rpm database has checksums too, so you can run a
>check from there as well... rpm --verify xxxxxxx
I admit I was not precise in what I wrote, but when I say
"I had a quick look at the RPMs", how did you imagine I looked at them? :-]
As for tripwire: since I have it on another machine and monitor it
constantly (in fact I cut off root access from someone I had trusted until
then, because I saw from this tool what he had "poked at"), I read in its
docs that (according to the claim of those who wrote it) it is almost impossible
to forge a file's checksum so that it matches the one in the database, but
the database can be altered to match the tampered file. That is why
they recommend keeping the database offline
In any case, Kostas, I thank you for the information and the advice,
and the list for its tolerance of a topic that (as it turned out) is unrelated to it,
Spiros D. Bolis
--
====================================================================
For help (or to unsubscribe) e-mail majordomo at hellug.gr
The list archives are at http://lists.hellug.gr/archives
before sending a question, search in case it has already been answered.
For any problem send e-mail to owner-linux-greek-users at hellug.gr
====================================================================
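
The point made in the message above about keeping the tripwire database offline, as an added example that is not part of the original post and is not tripwire's own code: a minimal checksum baseline is verified once against a copy left on the host and once against a copy kept off the host. The file names (`login` stand-in, `integrity.db`) and the JSON format are assumptions made for the illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path

def digest(path):
    """SHA-256 of a file's contents."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def build_baseline(files):
    """Map each path to its current digest (the integrity database)."""
    return {str(f): digest(f) for f in files}

def verify(baseline):
    """Return the paths that are missing or whose digest differs from the baseline."""
    return sorted(p for p, h in baseline.items()
                  if not Path(p).exists() or digest(p) != h)

def demo():
    """Constructed scenario: a stand-in 'login' file in a temporary directory."""
    with tempfile.TemporaryDirectory() as d:
        target = Path(d) / "login"
        target.write_bytes(b"original login binary")    # constructed sample data
        db_on_host = Path(d) / "integrity.db"           # hypothetical file name

        baseline = build_baseline([target])
        db_on_host.write_text(json.dumps(baseline))     # copy left on the host
        offline_copy = json.dumps(baseline)             # copy kept off the host

        # After a compromise: the file is replaced and the on-host database
        # is regenerated so that it matches the replaced file.
        target.write_bytes(b"replaced login binary")
        db_on_host.write_text(json.dumps(build_baseline([target])))

        on_host_result = verify(json.loads(db_on_host.read_text()))
        offline_result = verify(json.loads(offline_copy))
        return on_host_result, offline_result

if __name__ == "__main__":
    on_host, offline = demo()
    print("changed files according to the on-host database:", on_host)
    print("changed files according to the offline database:", offline)
```
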