[ale] More Hacked

Jim Kinney jkinney at teller.physics.emory.edu
Mon Dec 7 13:09:29 EST 1998


Welcome to computer security, the crash course! The files you mentioned
are common toys of the bad guys. smurf is an attacking tool, used from
your machine to break in elsewhere (it can clog a network like a SYN
flood). bcast is another attack tool that floods through the broadcast
network address and spoofs a machine to be crashed as the originator of a
UDP connection request. The remaining one may be remnants of the entrance
tool used to exploit the IMAPD buffer overflow hole. Be sure to upgrade
_all_ of the security patches, turn off all external-connecting programs
and devices not required, and use ssh instead of telnet and ftp.

Another ALEr posted questions about ssh version ID strings and a desire to
disable them. My understanding is that if ssh is running and configured
(v.>2.0.0), the ID string is not important since it is not displayed during
the connection process. As the encryption level is high, 128 bit on the
data stream, 1024 bit on the host and user keys, ssh is one of the most
secure communication tools available outside NSA. Use it! For people that
must (begrudgingly) allow access to logins from Windows and Macs, there
are ssh products available for those platforms for a fee (~$100, 50%
discount for educational). 

James Kinney M.S.Physics		jkinney at emory.edu
Educational Technology Specialist	404-727-4734
Department of Physics Emory University	http://teller.physics.emory.edu

On Mon, 7 Dec 1998, Matthew Brown wrote:

> This is related to the previous post about getting hacked...
> 
> Ever heard of john.1.6, smurf6, or bcast???  These were uploaded.
> 
> More thanks in advance!
> 
> -Matthew Brown
> 