Posted on 09/29/2005 6:15:26 PM PDT by Golden Eagle
SEPTEMBER 28, 2005 (COMPUTERWORLD) - A company server that some workers at Novell Inc. apparently used for gaming purposes was hacked into and then used to scan for vulnerable ports on potentially millions of computers worldwide, according to an Internet security consultant.
The scans, which have been going on since Sept. 21, are targeted at TCP Port 22 -- the default port for Secure Shell (SSH) services. SSH programs are used to log into other computers over a network or to execute remote commands and move files between machines in a secure fashion. Scans against the port are often an indication that hackers are looking for vulnerable SSH systems that they can break into and take control of.
(Excerpt) Read more at computerworld.com ...
Quake servers are quite common in internal development organizations. ;-) The trick is to always have a couple of spare "test" machines attached. Getting it exposed to the outside world is the real problem. I've always thought, if you get caught, you deserve to get burned to the fullest extent.
It isn't obvious the server was hacked at all, not that it's much better. A user with legitimate access to the box might well be responsible. Naughty, very naughty...
Nonsense. NetWare at least through 5.5 has been very exploitable, except that no one bothers.
I have those same experiences, and have a report on my desk every afternoon showing every unexpected request we received on unusual ports. Like you I used to contact them all, back before we got hundreds in a day, and on occasion I will still contact them if something is persistent, but in many instances it's impossible to get the granularity you need to actually contact the specific offender, and the subnet host either doesn't have time or care themselves. The good news is, it is of course possible to block those attempts, which is why we keep most everything locked down by default, and only open up when absolutely necessary, both ways.
What's your point? This comparable Novell product has more.
http://secunia.com/product/2467/
Again, I'll ask, since you brought up Microsoft, has anything like this ever happened to them, especially where servers registered to them were out attacking computers on the internet? I guess your refusal to answer the question means no, it never has.
Same here. I work at a hospital with some top-notch network guys, and nothing gets by them.
I believe that the article said that the server was actually outside their firewall. Thereby, completely open to attack. I'm thinking that this isn't a NetWare server, but a Linux server, and obviously, one that wasn't secured at all.
Mark
Absolutely. Any thorough investigation should start with an internal audit, since that doesn't even require initial compromise. If the hacker was any good, they'll never know where he came from, or where he went. They'll need someone good to find him/her, and the best leads would probably come in where he was continually collecting any data from those external probes, since it would be a repeated action. I doubt any of that will ever be shared externally, though, just not smart since that exposes their security/methods as well. Their situation sounds so loose they probably need an external review.
What are you talking about now? I just searched for the word "Netware" and it doesn't appear anywhere on that page. Do you even know that Novell owns SUSE?
Huh? First off, there's no such thing as "NetWare 5.5," and in fact, until NetWare 5.0, NetWare servers didn't even "speak TCP/IP." (Servers starting with NW 3.0 could, however, route IP, but there was nothing to exploit.)
Now, if you're talking about GroupWise 5.5 and earlier, well for the most part, you're talking about WordPerfect Office and Mail. Until GroupWise 5.0, they didn't even work natively with IP. You needed an SMTP gateway. Again, nothing really to exploit. There were some relay vulnerabilities, but they could be blocked without too much difficulty. However, the GroupWise clients have always been less vulnerable to virus infections on the network.
Mark
Said they were "test servers" outside the firewall. Obviously not a good idea, we only have one server outside, production only, and its security is highest priority including a local software firewall.
You and I, we have the right ideas. Let's run for Congress. ;)
So his original sentence should have been 30 years. Add his extension and he would be in jail for 55 years.
Sounds good to me.
Doesn't Microsoft use some Linux servers?
On the other hand, if they used the default user name of "admin" and a password of "novell," then they got what they deserved.
Mark
No kidding. I am serious, though. Shame is no longer a valid form of punishment. Everyone thinks being judgemental is "bad".
Man, I can tell you when my radiology department went down (we are all digital) because of viruses, those people responsible should be thankful they were anonymous. That stuff just enrages me. It is like stupid kids spray painting graffiti on cars.
They have a "lab" I've heard, but I've never heard of it getting hacked.