According to what was posted here, you may wish to start scrubbing. http://docs.freebsd.org/cgi/getmsg.cgi?fetch=394609+0+current/freebsd-securi...
A chain is only as strong as its weakest link:

Connected to openbsd.sunsite.ualberta.ca.
220-
220- Welcome to SunSITE Alberta
220-
220- at the University of Alberta, in Edmonton, Alberta, Canada
220-
220- All connections to and transfers from this server are logged. If
220- you do not like this policy, please disconnect now.
220-
220- You may want to grab the index file called "ls-lR.gz" in /pub. It is
220- updated nightly with the contents of the ftp tree.
220-
220- If you have any questions, hints, or requests, please email
220-
220- sunsite@sunsite.ualberta.ca
220-
220 merlin FTP server (SunOS 4.1) ready.

A Sun server as a host for a OpenBSD source is like writing combinations to a bank vault on the back of your hand.

jnull
PGP: 0x54B1A25C
"!!!!!" It's the little things ....

-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Len Rose
Sent: Thursday, August 01, 2002 3:14 AM
To: nanog@nanog.org
Subject: OpenSSH Trojan..

According to what was posted here, you may wish to start scrubbing.

http://docs.freebsd.org/cgi/getmsg.cgi?fetch=394609+0+current/freebsd-security
Might as well have a windows 2000 server doing it!!!!!!!!!

Gerardo A. Gregory
Manager Network Administration and Security
402-970-1463 (Direct)
402-850-4008 (Cell)

Affinitas - Latin for "Relationship"
Helping Businesses Acquire, Retain, and Cultivate Customers
Visit us at http://www.affinitas.net
------------------------------------------------------------------
1015 N. 98th Suite 100
Omaha, NE 68114
------------------------------------------------------------------

----- Original Message -----
From: "jnull" <jnull@truerouting.com>
To: "'Len Rose'" <len@netsys.com>; <nanog@nanog.org>
Sent: Thursday, August 01, 2002 10:24 AM
Subject: RE: OpenSSH Trojan=tisk tisk
A chain is only as strong as its weakest link:

Connected to openbsd.sunsite.ualberta.ca.
220-
220- Welcome to SunSITE Alberta
220-
220- at the University of Alberta, in Edmonton, Alberta, Canada
220-
220- All connections to and transfers from this server are logged. If
220- you do not like this policy, please disconnect now.
220-
220- You may want to grab the index file called "ls-lR.gz" in /pub. It is
220- updated nightly with the contents of the ftp tree.
220-
220- If you have any questions, hints, or requests, please email
220-
220- sunsite@sunsite.ualberta.ca
220-
220 merlin FTP server (SunOS 4.1) ready.
A Sun server as a host for a OpenBSD source is like writing combinations to a bank vault on the back of your hand.
jnull
PGP: 0x54B1A25C
"!!!!!" It's the little things ....

-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Len Rose
Sent: Thursday, August 01, 2002 3:14 AM
To: nanog@nanog.org
Subject: OpenSSH Trojan..
According to what was posted here, you may wish to start scrubbing.
http://docs.freebsd.org/cgi/getmsg.cgi?fetch=394609+0+current/freebsd-security
--On Thursday, August 01, 2002 10:24 AM -0500 jnull <jnull@truerouting.com> wrote:
A Sun server as a host for a OpenBSD source is like writing combinations to a bank vault on the back of your hand.
From the FAQ:
http://openbsd.org/faq/faq8.html#wwwsolaris

8.18 - Why does www.openbsd.org run on Solaris?

Although none of the developers think it is particularly relevant, this question comes up frequently enough in the mailing lists that it is answered here. www.openbsd.org and the main OpenBSD ftp site are hosted at a SunSITE at the University of Alberta, Canada. These sites are hosted on a large Sun system, which has access to lots of storage space and Internet bandwidth. The presence of the SunSITE gives the OpenBSD group access to this bandwidth. This is why the main site runs here. Many of the OpenBSD mirror sites run OpenBSD, but since they do not have guaranteed access to this large amount of bandwidth, the group has chosen to run the main site at the University of Alberta SunSITE.
I had no intention of starting an OS flame session.

I just thought "how ironic" since openbsd touts such emphasis on security, and their main distribution site uses another system. I use OpenBSD, Solaris, XP... A tool for every occasion.

There isn't a system that can't be cracked with patience, good fingerprint analysis, some coding, and maybe a little social engineering.

j

-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Kevin Loch
Sent: Thursday, August 01, 2002 11:02 AM
To: nanog@nanog.org
Subject: Re: OpenSSH Trojan=tisk tisk

jnull wrote:
A Sun server as a host for a OpenBSD source is like writing combinations to a bank vault on the back of your hand.
s/Sun server/university/

They get bonus points for this too:

220 merlin FTP server (SunOS 4.1) ready. ^^^

KL
You can't argue with the need for storage and bandwidth. Well, I guess you could, but I wouldn't listen.
From the FAQ...
8.18 - Why does www.openbsd.org run on Solaris?

Although none of the developers think it is particularly relevant, this question comes up frequently enough in the mailing lists that it is answered here. www.openbsd.org and the main OpenBSD ftp site are hosted at a SunSITE at the University of Alberta, Canada. These sites are hosted on a large Sun system, which has access to lots of storage space and Internet bandwidth. The presence of the SunSITE gives the OpenBSD group access to this bandwidth. This is why the main site runs here. Many of the OpenBSD mirror sites run OpenBSD, but since they do not have guaranteed access to this large amount of bandwidth, the group has chosen to run the main site at the University of Alberta SunSITE.

----- Original Message -----
From: "jnull" <jnull@truerouting.com>
To: "'Kevin Loch'" <kloch@gurunet.net>; <nanog@nanog.org>
Sent: Thursday, August 01, 2002 10:19
Subject: RE:tisk tisk--retract
I had no intention of starting an OS flame session.
I just thought "how ironic" since openbsd touts such emphasis on security, and their main distribution site uses another system. I use OpenBSD, Solaris, XP... A tool for every occasion.
There isn't a system that can't be cracked with patience, good fingerprint analysis, some coding, and maybe a little social engineering.
j
On Thu, 1 Aug 2002, Kevin Loch wrote:
jnull wrote:
A Sun server as a host for a OpenBSD source is like writing combinations to a bank vault on the back of your hand.
s/Sun server/university/
They get bonus points for this too:
220 merlin FTP server (SunOS 4.1) ready. ^^^
Is it possible someone changed the default banner on their ftp server?
At 12:01 PM -0400 2002/08/01, Kevin Loch wrote:
They get bonus points for this too:
220 merlin FTP server (SunOS 4.1) ready. ^^^
Just because something says something doesn't mean that it actually is the something that it is claimed to be.

--
Brad Knowles, <brad.knowles@skynet.be>

"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
-Benjamin Franklin, Historical Review of Pennsylvania.

GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E W+++(--) N+ !w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++) tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)
participants (9)
- Brad Knowles
- Christopher L. Morrow
- Gerardo A. Gregory
- Jeffrey Meltzer
- jnull
- Kevin Loch
- Len Rose
- Mike Forrester
- Mike Lewinski