I'm still unraveling our recent hacking and found that our router
was allowing all sorts of traffic it shouldn't. NFS and "r" services
being some of them.
I also discovered that our OSF (4.0a - no patches) were hacked using
YP/NIS holes giving me 2 questions:
First, what are the port numbers used for YP/NIS? These ports
should obviously be on the router "hit" list. It may be that I just
don't understand it all. Most of the CERT docs say don't run it if you
don't have to ... but we use these machines (all DEC OSF) in our
engineering labs and I have trouble seeing any other solutions.
Second, has DEC patched this YP/NIS security hole? If so when was
it done?
Finally they gained root access via the dbx of the crontab program.
I've got a lot of summarizing to do for my management and I'll share
with this list.
It has not been a good week :(
Jon.
-----------------------------------------------------------------------
Jon Eidson (J.Eidson_at_tcu.edu) Information Services
Senior Systems Programmer Texas Christian University
(817) 257-6835 Fort Worth, Texas 76129
-----------------------------------------------------------------------
Received on Mon Apr 27 1998 - 22:08:20 NZST