[plug] IMPORTANT: update your BIND and WU-FTPD services *NOW*
Leon Brooks
leon at brooks.fdns.net
Wed Feb 28 14:19:23 WST 2001
Someone or someseveral appear to have released some modern equivalents
of the Morris worm onto the net in the last few weeks. The number of
probes against BIND (DNS/name server) and WU-FTPD (FTP server) services
(and, interestingly, against the Windows ports 137-139) is ramping up as
we speak. I have had three clients discover breakins in the last two
days<*>, one of whom also found a nice list of about 30 machines which
the rootkit had already found with vulnerable BINDs and broken.
IF YOU ARE RUNNING:
BIND <8.2.3 OR
WU-FTPD <2.6.1
*ANYWHERE* THEN UPDATE THEM NOW!
(NOT TOMORROW, NOW!)
...and while you're at it, update Apache, PHP and everything else as
well. Do this now or I will have five times as much business as I and
everyone else I know can handle!
On RedHat and similar systems (Caldera, Mandrake, SuSE...) use these
commands to discover what you're running:
rpm -qa | egrep '(bind|ftp)'
If the version number is too low, fetch and install a later RPM.
http://mirror.aarnet.edu.au/ has updates for many Linux distributions;
if unsure, visit the disributor's website and start from there.
<*> I am happy to say, not on machines I installed or maintain.
--
"I used to wish the universe were fair. Then one day it hit me: What
if the universe were fair? Then all the awful things that happen to
us in life, would happen because we deserved them. So now I take
great pleasure in the general hostility and unfairness of things."
-- Marcus, on Babylon 5
More information about the plug
mailing list