Search:  

 
theme to white backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Up and Running » Security » Security » SunOS telnet worm on the loose
Search Topic:
Uniqs:
263		 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Posting:
Post a:
Post a:
Links: ·Hijack This logs? ·Panda Free Tools ·Vundo Removal
eBay Protector.exe »
« Oh man. This one struck me as odd!  
AuthorAll Replies


BeesTea
Network Janitor
Premium,VIP
join:2003-03-08
00000

SunOS telnet worm on the loose

Posted to ATU as well. Sorry to folks who read both forums.

quote:
We have received several reports of what appears to be a telnet negotiation
exploit with autorooter or worm like qualities.
Further reports shows many of the hosts being reported for telnet scans
are also being reported for a rlogin bruteforce on port 513
It was reported that the probes for port 23 began on 03/20/2005
Looking at isc.sans.org shows 23 has been fairly active but the
number of targets had a large increase on 03/23/2005.
»isc.sans.org/diary.php?date=2005-03-26

I've already seen machines hit by this.

Heads-up, if you aren't already cracked =(
--
echo 16i[q]sa[ln0=aln100%Pln100/snlbx]sbA0D4D465452snlb xq |dc
to forum · permalink · · 2005-03-28 14:37:42 · Reply to this


Steve
I'm a PC, so shut up
Consultant
join:2001-03-10
Yorba Linda, CA		 There are still people who use telnet exposed to the internet?

Really?
to forum · permalink · · 2005-03-28 14:43:05 · Reply to this


BeesTea
Network Janitor
Premium,VIP
join:2003-03-08
00000

 Sure,

SSH isn't cheap CPU-wise. There are folks who use GSSAPI and SSL telnet. Not to mention, worms aren't just a problem on internet facing hosts. A VPN connection isn't always a good thing.
--
echo 16i[q]sa[ln0=aln100%Pln100/snlbx]sbA0D4D465452snlb xq |dc
to forum · permalink · · 2005-03-28 14:48:01 · Reply to this


Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
·Shaw

reply to BeesTea
Since Jan 1, 2005 I have seen 1 port 513 scan and 1 port 23 scan here so this puppy hasn't gotten around to whacking our neck of the internet yet.

Jan 25, 2005 20:05:34.267 - (TCP) 202.97.132.26 : 2665 >>> 68.144.238.148 : 23

Mar 17, 2005 06:30:06.112 - (TCP) 194.154.200.214 : 61427 >>> 68.144.128.128 : 513

Blake
--
Vendor: Firewall Logging Software »www.SonicLogger.com - SonicWall and 3Com »www.LinkLogger.com - Linksys, Netgear and Zyxel
to forum · permalink · · 2005-03-29 00:04:19 · Reply to this
Forums » Up and Running » Security » SecurityeBay Protector.exe »
« Oh man. This one struck me as odd!  

Saturday, 28-Nov 19:13:44 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.
page compression OFF
Most commented news this week
· [122] Time Warner Cable Fires Broadside At Broadcasters
· [112] New AT&T Ad Campaign Hits Back At Verizon
· [96] Apple Joins AT&T Verizon Snark Fest
· [87] New Bill Takes Aim At Higher Verizon ETFs
· [80] TiVo Sees Record Customer Losses
· [70] Verizon CEO: Hulu Will Be Dead Soon
· [69] In-Flight Internet Headed For Bumpy Landing?
· [66] Weekend Open Thread
· [62] Thanksgiving Open Thread
· [40] EFF Wages War On Fine Print
Most people now reading
· 3.x Feral Druid - Bear Tanking Guide [World of Warcraft]
· Windows 7 boot manager editing questions [Microsoft Help]
· Digital Transport Adapter Unboxing Photos [Comcast Cable TV]
· [Newsgroups] Newzleech down? [Filesharing Software]
· how to use the 2nd line with phone hooked to the 1st line? [VOIP Tech Chat]
· Using AirMax to provide triple play services? [Wireless Service Providers]
· [ PVP] 3.2 DK PvP D/W Spec... [World of Warcraft]
· Why would I want an e reader? [General Questions]
· [How to] Install Asterisk on an Asus WL-520GU router [VOIP Tech Chat]
· Gizmo5 has added a Google Voice section in its members area. [VOIP Tech Chat]