Though not strictly of relevance it is a security issue with which I
have been battling all weekend. The good news is that 100% of the
attacks to my site assumed a 32-bit architecture, i.e. all the
stack-overflows were out whenever there was a "long" involved.
I used the "twist" option in TCP-Wrappers to pretend to accept the
characters being sent and then dump them to a file; fortunately
they would be lethal to a Linux or FreeBSD box, but they are "out" for
Digital Unix. It seems to be a single script making the rounds in the
cracker community (no differences amongst 73 attempts ranging from
Argentina, US, UK, South Africa and Taiwan).
If possible I would strongly recommend TCP-Wrappers which,
incidentally, closes the POP-3 connection in exactly the same way as
a successful exploit would and guarantees a telnet attempt as root
about 10s later :-) Quite amusing really!
I am currently pressing charges against the UK cracker (who probably
thought it was a US company and thought it safe...).
I would recommend following the discussion on BUGTRAQ on the issue.
Arrigo
--
Arrigo Triulzi <arrigo_at_albourne.com>
Albourne Partners Ltd. - London, UK
Received on Mon Jun 29 1998 - 13:46:15 NZST
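The decoy responder the post describes, written out as an added example (this is not Arrigo's script and not part of TCP Wrappers itself; the hosts.allow line, the script path and the log path are assumptions). TCP Wrappers' `twist` replaces the real daemon with an arbitrary command whose stdin/stdout are the client socket, so a small shell script can speak just enough POP3 to make the attacker send the payload, record each line hex-encoded (so shellcode and control bytes cannot mangle the log), refuse every command and hang up. The `classify_line` helper flags the telltale sign of an overflow attempt, a single command line far longer than any real POP3 client would send.

```shell
#!/bin/sh
# pop3-decoy.sh: decoy POP3 responder for the TCP Wrappers "twist" option.
# Added example; not the original poster's script and not part of tcpd.
#
# Assumed hosts.allow entry (daemon name and script path are assumptions):
#   pop3 : ALL : twist /usr/local/sbin/pop3-decoy.sh %a
# tcpd expands %a to the client address and hands the socket to this
# script as stdin/stdout, so everything the client sends arrives here.

LOG_FILE="${POP3_DECOY_LOG:-/var/log/pop3-decoy.log}"   # assumed location
OVERSIZE_BYTES=512   # real POP3 commands are tiny; longer lines are suspect
MAX_LINES=20         # capture a handful of lines, then hang up

# classify_line LINE -> prints "oversize" or "normal".
# Stack-overflow attempts show up as one very long USER/PASS/APOP line.
classify_line() {
    n=$(printf '%s' "$1" | wc -c | tr -d ' ')
    if [ "$n" -gt "$OVERSIZE_BYTES" ]; then
        echo oversize
    else
        echo normal
    fi
}

# log_line CLIENT LINE -> appends one record to LOG_FILE.
# The payload is hex-encoded so shellcode, control characters and CRLF
# cannot corrupt the log or whatever later reads it.
log_line() {
    stamp=$(date -u +%Y-%m-%dT%H:%M:%SZ)
    n=$(printf '%s' "$2" | wc -c | tr -d ' ')
    hex=$(printf '%s' "$2" | od -An -v -tx1 | tr -d ' \n')
    printf '%s client=%s class=%s len=%s hex=%s\n' \
        "$stamp" "$1" "$(classify_line "$2")" "$n" "$hex" >> "$LOG_FILE"
}

# capture_session CLIENT: send a banner, log every line the client sends,
# answer -ERR to everything, and stop at QUIT, EOF or MAX_LINES.
# Note: POSIX read has no timeout; a production version would wrap the
# script in a timeout so an idle client cannot hold the slot open.
capture_session() {
    client="$1"
    count=0
    cr=$(printf '\r')
    printf '+OK POP3 server ready\r\n'
    while [ "$count" -lt "$MAX_LINES" ] && IFS= read -r line; do
        line=${line%"$cr"}            # strip the CR of CRLF
        log_line "$client" "$line"
        count=$((count + 1))
        case "$line" in
            QUIT|quit) printf '+OK bye\r\n'; break ;;
            *)         printf -- '-ERR\r\n' ;;
        esac
    done
    return 0
}

# Entry point when launched by tcpd: the client address arrives as $1.
if [ "$#" -ge 1 ]; then
    capture_session "$1"
fi
```

Each log record carries the timestamp, client address, a normal/oversize classification, the byte count and the hex payload, which is enough to compare captures from different sources (as the post did across its 73 attempts) and to hand to whoever handles the complaint, without ever executing anything the client sent.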