Incidents (Page 8 of 170)
ARAKIS early warning system public web interface 2007-06-21
Piotr Kijewski (piotr kijewski cert pl)
Hi all,

We (CERT Polska) have updated the public dashboard of our early warning
system project ARAKIS. ARAKIS aggregates and correlates data from
various sources, including honeypots, darknets, firewalls and antivirus
systems in order to detect new network threats. The dashboard provides a
snapshot

Re: Suspicious files in /tmp 2007-06-20
Michal Zalewski (lcamtuf dione ids pl)
On Wed, 20 Jun 2007, Javier Pello wrote:

> /var/tmp/echo: error while loading shared libraries: /var/tmp/echo:
> failed to map segment from shared object: Operation not permitted

Oh yup, I think they prevent mmap w/PROT_EXEC on noexec files of recent.

/mz

----------------------------------------

Re: Suspicious files in /tmp 2007-06-18
Juha-Matti Laurio (juha-matti laurio netti fi)
I have received a Virus Alert notification message from my webmail provider informing me about malware in my Inbox.
This is the reason I never received the first message of this thread (the webmail company deleted the message).
Unfortunately, I don't remember the exact name of the malware reported but 'Perl'

Re: Suspicious files in /tmp 2007-06-19
Michal Zalewski (lcamtuf dione ids pl)
On Mon, 18 Jun 2007, Matt D. Harris wrote:

> A lot of times in an exploit scenario, you don't have access to stdin.

Why not? If you can call execve, you can go for sh -c 'echo "foo()" | perl
-' instead of calling perl interpreter directly. Or use pipe() + fork().

> While the script could still be

Suspicious files in /tmp 2007-06-16
kladizkov.thehome (kladizkov thehome gmail com) (3 replies)
Hi,

My firewall LFD pulled out three Perl scripts from /tmp. It was found
to be executing in my server. I have attached the scripts along with
this mail. Is this issue familiar to anyone?

How can a script uploaded to /tmp be executed when it has noexec privilege?


Re: Suspicious files in /tmp 2007-06-18
Jamie Riden (jamie riden gmail com)
Re: Suspicious files in /tmp 2007-06-18
Jamie Riden (jamie riden gmail com)
Re: Suspicious files in /tmp 2007-06-18
Matt D. Harris (mdh solitox net) (5 replies)
Re: Suspicious files in /tmp 2007-06-21
Remko Lodder (remko elvandar org)
Re: Suspicious files in /tmp 2007-06-19
Rainer Duffner (rainer ultra-secure de)
Re: Suspicious files in /tmp 2007-06-19
Rainer Duffner (rainer ultra-secure de)
Re: Suspicious files in /tmp 2007-06-19
Robin Sheat (robin kallisti net nz) (1 replies)
Re: Suspicious files in /tmp 2007-06-20
Valdis Kletnieks vt edu (1 replies)
RE: Suspicious files in /tmp 2007-06-20
Thyago Braga da Silva (tbraga gasecurity com br) (1 replies)
RE: Suspicious files in /tmp 2007-06-21
kaneda bohater net
Re: Suspicious files in /tmp 2007-06-18
Michal Zalewski (lcamtuf dione ids pl) (1 replies)
Re: Suspicious files in /tmp 2007-06-19
Matt D. Harris (mdh solitox net)
send to MAC A, reply from MAC B, same IP. Whats going on ? 2007-06-13
curiouscode (cheapchinni yahoo com) (1 replies)

I have a Linksys wireless AP and router. I have been monitoring my ethernet
traffic on the wireless laptop (can't put the card into promiscuous mode), so
I know I can't see all the traffic that is out there.
I have WEP and I know it's trivial to break it, I am suspicious it has been
broken, but I have

Re: send to MAC A, reply from MAC B, same IP. Whats going on ? 2007-06-13
Jason Muskat, GCFA, GCUX, de VE3TSJ (Jason TechDude Ca)
Survey on Supercomputer Cluster Security 2007-05-25
cluster security gmail com
To Cluster System Administrators:

Our University has done some classified DoD work on various Beowulf
clusters. As a result, we have gotten interested in the questions of
securing supercomputer clusters. In particular, we are especially
interested in better understanding the nature of the thre

Re: Anybody recognize this Solaris compromise? 2007-04-18
Jamie Riden (jamie riden gmail com)
On 18/04/07, jwmeritt (at) aol (dot) com wrote:
>
> 'a' telnetd vulnerability, not 'the' vulnerability.
>
> James W. Meritt
> CISSP, CISA, NSA IAM, PMP

Matt said "if you were compromised by the telnetd vulnerability Jamie
linked to".
I linked to a specific vulnerability (incorrect sanitis

Re: Increased activity on port 110 2007-02-27
joakim berge gmail com (1 replies)
Thanks for the quick response.
The activity I see is not directly aimed at Windows servers. Looks more like a botnet sweep. The majority of source addresses are from the US.

The latest MailEnable vulnerability I found was: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6605

-------------

Anybody recognize this Solaris compromise? 2007-04-13
David Gillett (gillettdavid fhda edu) (2 replies)
Re: Anybody recognize this Solaris compromise? 2007-04-13
Axel Pettinger (api worldonline de)
Re: Anybody recognize this Solaris compromise? 2007-04-13
Jamie Riden (jamie riden gmail com) (2 replies)
Re: Anybody recognize this Solaris compromise? 2007-04-13
Matthew T. Fata (matt credibleinstitution org)
Re: Anybody recognize this Solaris compromise? 2007-04-13
Tim (tim-forensics sentinelchicken org)
Re: Re: Increased activity on port 110 2007-02-26
phishtracker gmail com
Yes, I'm seeing it too only on our Windows dedicated server farm. It appears to be related to MailEnable (Ensim/Plesk Customers). How they are getting infected I'm not sure yet. Possibly via servers with unpatched MailEnable. "rdriv.sys" gets installed in the "Windows\system32" folder.

Systems that

Increased activity on port 110 2007-02-26
joakim berge gmail com (1 replies)
There has been a big increase in POP3 activity on 25 Feb. Any idea what it is? New worm?

/Joakim

Re: Increased activity on port 110 2007-02-26
vtlists wyae de
Copyright 2010, SecurityFocus