[ham] [Rhodes22-list] Michael, when you wake up.

Michael Meltzer mjm at michaelmeltzer.com
Sun Apr 13 12:33:07 EDT 2003


I think you mean a hardware firewall (there are no moving parts), but yes, they are there. The problem is you still have to let people
in for it to do something. It looked to be an apache buffer overflow (that's a webserver); the attack was meant for Linux, which only
screwed up that passwd file and never let them in (the password system is a little different on FreeBSD). What happens is the
attacker sends a malformed packet (that gets past port 80, i.e. the webserver) that uses a bug to run a script that is in the packet;
in this case the script managed to scramble the passwd file but never installed it. The problem is you never know what other things
the script might have done or left behind, so everything has to be flushed (i.e. update the OS source and rebuild every OS
program/driver), check every system configuration file against the original, the startup scripts, and rebuild every third-party
package (as in 57 /usr/ports).

There is more to the issues than just a firewall.

MJM


----- Original Message -----
From: "Kroposki" <kroposki at innova.net>
To: "'The Rhodes 22 mail list'" <rhodes22-list at rhodes22.org>
Sent: Sunday, April 13, 2003 8:52 AM
Subject: [ham] [Rhodes22-list] Michael, when you wake up.


>
> Is there anything that could have stopped the attack?  A mechanical
> firewall?
>              Ed K
> -----Original Message-----
> From: Michael Meltzer [mailto:mjm at michaelmeltzer.com]
> Sent: Saturday, April 12, 2003 11:12 PM
> To: The Rhodes 22 mail list
> Subject: Re: [ham] Re: [Rhodes22-list] Sorry People
>
> It was an SOP cluster-fuck, starting with a corrupted passwd
> file (luckily they missed the cache) and it just kept going; adding
> insult, I had to keep the system up during the flush/restore. No fun at
> all, but it is finished except the new version problems.
> Thanks for the offer(something tells me you understand how painful this
> is), time to check out the programmer store for new forms of
> caffeine :-)
>
> MJM
>
> ----- Original Message -----
> From: "Mark Kaynor" <mark at kaynor.org>
> To: "The Rhodes 22 mail list" <rhodes22-list at rhodes22.org>
> Sent: Saturday, April 12, 2003 5:18 AM
> Subject: [ham] Re: [Rhodes22-list] Sorry People
>
>
> > Michael,
> >
> > I hate it when that happens. Let me know if there's anything I can do
> > to help.
> >
> > Mark
> >
> >
> > ----- Original Message -----
> > From: "Michael Meltzer" <mjm at michaelmeltzer.com>
> > To: <rhodes22-list at rhodes22.org>
> > Sent: Saturday, April 12, 2003 4:52 AM
> > Subject: [Rhodes22-list] Sorry People
> >
> >
> > > Sorry All, It has been a bad few days
> > >
> > > I am sure a few of you are wondering what happened.
> > >
> > > 1) We should congratulate each other, rhodes22.org has been up for a
> > > year. There was a down side to this: it was also the renewal date for
> > > the domain, I forgot/put off paying the bill. Upshot: the DNS (how
> > > computers find the site) went down. That is why a few of you got
> > > "rhodes22.org not found". OK, I took care of that in the morning;
> > > problem (self-inflicted) fixed about 8pm.
> > >
> > > 2) Thursdays at 2pm I found the server which this runs on was hacked,
> > > bad news. I was cleaning the machine and upgraded the OS (finished
> > > that around 12pm, the test messages). I was able to swap software
> > > around so no one noticed. Next thing I did was upgrade all the
> > > software to the latest version (57 packages ;-). That is when the
> > > list went down.
> > >
> > > 3) It turns out that python/mailman/FreeBSD are having a problem with
> > > the latest version and the network libs, been debugging this for a
> > > while. Python is unable to get the network connection to your mail
> > > servers open (that is why the messages make it to the archive, but no
> > > further), not fun. I have a workaround in but it is a little slower
> > > and picture support is not in. I submit it to be fixed (should take
> > > about a week to fix).
> > >
> > > Sorry
> > >
> > > MJM
> > >
> >
> >
>
>
>


