|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Fwd: SANS Flash Alert For Solaris]
Subject: Re: [Fwd: SANS Flash Alert For Solaris]
From: sedwards
sedwards.com
Date: Wed Jan 05 2000 - 15:10:26 CST
- Next message: Randy Witlicki: "FIXED - Re: Firewalls, PC static routes, gateways"
- Previous message: R. DuFresne: "Re: [Fwd: SANS Flash Alert For Solaris]"
- In reply to: James Triplett: "Re: [Fwd: SANS Flash Alert For Solaris]"
- Next in thread: R. DuFresne: "Re: [Fwd: SANS Flash Alert For Solaris]"
- Reply: sedwardssedwards.com: "Re: [Fwd: SANS Flash Alert For Solaris]"
- Reply: R. DuFresne: "Re: [Fwd: SANS Flash Alert For Solaris]"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Tue, 4 Jan 2000, James Triplett wrote:
> > Where to find the software:
> >
> > The host-based tool from NIPC may be found at:
> > http://www.fbi.gov/nipc/trinoo.htm
>
> I suppose this is legit. However, they are asking us to run
> AS ROOT, some unknown executable on all our important systems.
> Goes against the most basic security procedures!
>
> No source provided, no way to ensure that this isn't just another trojan...
> (even the fbi.gov site could be hacked, and anyway how do they know what
> is in the executable?)
>
> James
Running strings on the executable prints out stuff that looks a lot like
the attack client/server. Did they use the source to create their tool?
This made me anxious enough to wait for a while to see if somebody posted
a warning...
Also, why no i386 executables or even a mention that the executables they
provided were only for SPARC?
Thanks in advance,
------------------------------------------------------------------------
Steve Edwards sedwardssedwards.com Voice: +1-760-723-2727 PST
Newline Pager: +1-888-478-5085 Fax: +1-760-731-3000
- Next message: Randy Witlicki: "FIXED - Re: Firewalls, PC static routes, gateways"
- Previous message: R. DuFresne: "Re: [Fwd: SANS Flash Alert For Solaris]"
- In reply to: James Triplett: "Re: [Fwd: SANS Flash Alert For Solaris]"
- Next in thread: R. DuFresne: "Re: [Fwd: SANS Flash Alert For Solaris]"
- Reply: sedwardssedwards.com: "Re: [Fwd: SANS Flash Alert For Solaris]"
- Reply: R. DuFresne: "Re: [Fwd: SANS Flash Alert For Solaris]"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This archive was generated by hypermail 2b27 : Thu Jan 06 2000 - 12:39:53 CST