Re: rootkit and other bits'n'pieces.

Brian Mitchell (brian@saturn.net)
Mon, 1 Jul 1996 19:18:52 -0400 (EDT)

On Wed, 26 Jun 1996, Paul Danckaert wrote:

> 
> On Wed, 26 Jun 1996, Darren Reed wrote:
> 
> [ObSecurityNote]
> 
> We have seen quite an increase in web-related attacks, specifically 
> trying to exploit cgi's with %0a (newline) characters, trying to grab 
> password files, and run other commands.  I would recommend grep'ing 
> through some of your web server logs looking for passwd, %0a, %0A, and 
> things like that.  Just in the last few weeks these attacks have 
> increased to the point of several a week.  
> 

Are there any other common programs (besides phf) that are linked with 
the util.c code that has the newline problem? I thought phf was the main 
problem - so a grep of phf is probably more useful (or replace phf with 
some perl code that mails you their vital information when it is run).

Brian Mitchell                          brian@saturn.net
Unix Security / Perl / WWW / CGI        http://www.saturn.net/~brian 
"I never give them hell. I just tell the truth and they think it's hell"
- H. Truman
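
The log check discussed in this thread, as an added example that is not part of the original message: a Python scan of Common Log Format lines for the three indicators named above (encoded newline, passwd, phf). It goes a little beyond a plain grep by percent-decoding the request first, so a double-encoded newline (%250a) is caught too; the sample log lines, addresses and parameter names are constructed.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Common Log Format: host ident user [time] "METHOD target PROTO" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" (\d{3}) \S+')

def fully_decode(text, rounds=3):
    """Percent-decode repeatedly so %250a (double-encoded) also becomes a newline."""
    for _ in range(rounds):
        nxt = unquote(text)
        if nxt == text:
            break
        text = nxt
    return text

def indicators(target):
    """Return which of the thread's indicators one request target matches."""
    decoded = fully_decode(target)
    script = fully_decode(target.partition("?")[0]).rstrip("/").rsplit("/", 1)[-1]
    checks = {
        "newline": "\n" in decoded,              # %0a, %0A, %250a ...
        "passwd": "passwd" in decoded.lower(),   # also matches %70asswd
        "phf": script.lower() == "phf",          # script name, not a substring
    }
    return {name for name, hit in checks.items() if hit}

def scan(lines):
    """Return (findings, hits per client); lines that are not CLF are skipped."""
    findings, per_host = [], Counter()
    for line in lines:
        m = CLF.match(line)
        hits = indicators(m.group(3)) if m else set()
        if hits:
            host, when, target, status = m.groups()
            findings.append((host, when, status, sorted(hits), target))
            per_host[host] += 1
    return findings, per_host

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [01/Jul/1996:10:00:01 -0400] "GET /index.html HTTP/1.0" 200 1043',
    '198.51.100.7 - - [01/Jul/1996:10:02:13 -0400] "GET /cgi-bin/phf?q=x%0a/bin/cat%20/etc/passwd HTTP/1.0" 200 512',
    '198.51.100.7 - - [01/Jul/1996:10:02:40 -0400] "GET /cgi-bin/phf HTTP/1.0" 404 210',
    '203.0.113.5 - - [01/Jul/1996:11:15:02 -0400] "GET /cgi-bin/search?term=a%0Aid HTTP/1.0" 200 98',
    '203.0.113.5 - - [01/Jul/1996:11:15:09 -0400] "GET /cgi-bin/search?term=a%250aid HTTP/1.0" 200 98',
]
```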