Linux utility site hacked, infected
ZDNet Australia ^ | 11/14/02 | Patrick Gray

Posted on 11/14/2002 10:48:04 AM PST by Leroy S. Mort

The download site for two very common Linux-based utilities, tcpdump.org, was hacked into on Nov. 11, and the software available for download was modified to contain Trojan Horse code.

This Trojan Horse, or "back door" software allows the hacker that wrote it to access any machine on which the modified software is run.

The two software items affected are tcpdump and libpcap, tools commonly used in information security applications. Some Intrusion Detection System (IDS) software requires libpcap.

The identity of the hacker conducting this campaign is unknown, as is whether a connection exists between the separate incidents.

CERT released an advisory in which they "...encourage sites using libpcap and tcpdump to verify the authenticity of their distribution, regardless of where it was obtained."

CERT provided the information necessary to determine the authenticity of any libpcap or tcpdump software recently downloaded. The advisory also encourages users to verify all software before installing it. "As a matter of good security practice, the CERT/CC encourages users to verify, whenever possible, the integrity of downloaded software."
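The advisory's advice is to check a downloaded archive against a digest obtained independently of the download server, since a checksum fetched from the same compromised site is worthless. The script below is an added illustration of that check, not code from the article or from CERT; the page does not reproduce the advisory's published checksums, so the "trusted" digest and the archive contents here are constructed stand-ins, and SHA-256 is used in place of whatever digest the 2002 advisory listed.

```python
import hashlib
import hmac
import os
import tempfile


def sha256_of_file(path, chunk_size=1 << 16):
    """Stream the file through SHA-256 so a large tarball never has to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, expected_hex):
    """Return True only if the file's digest matches the out-of-band value.

    expected_hex must come from an independent source (the advisory, a signed
    release announcement), never from the same host the archive came from.
    """
    actual = sha256_of_file(path)
    # compare_digest avoids leaking match length through timing; lower() tolerates
    # digests published in upper-case hex.
    return hmac.compare_digest(actual, expected_hex.strip().lower())


def demo():
    """Constructed scenario: a pristine archive and a copy a tampered mirror might serve.

    Returns (pristine_verifies, tampered_verifies).
    """
    # Constructed stand-in for a release tarball; not real tcpdump bytes.
    pristine = b"stand-in tcpdump release tarball bytes " * 1000
    # One small change, the kind a backdoored distribution would carry.
    tampered = pristine.replace(b"release", b"trojan", 1)
    # The digest the project or advisory would publish for the genuine release.
    trusted_digest = hashlib.sha256(pristine).hexdigest()

    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "tcpdump-from-primary.tar.gz")
        bad = os.path.join(d, "tcpdump-from-mirror.tar.gz")
        with open(good, "wb") as f:
            f.write(pristine)
        with open(bad, "wb") as f:
            f.write(tampered)
        return verify_download(good, trusted_digest), verify_download(bad, trusted_digest)


if __name__ == "__main__":
    ok, tampered_ok = demo()
    print(f"pristine archive verifies: {ok}")
    print(f"tampered archive verifies: {tampered_ok}")
```

The digest comparison catches any modification to the archive, but only if the reference digest was itself obtained from somewhere the attacker could not alter; an IDS build that pulls libpcap from a mirror should pin the expected digest in its own build configuration rather than fetch it at install time.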


TOPICS: Crime/Corruption; Front Page News; Miscellaneous; Technical
KEYWORDS: backdoor; ids; trojan
To: Bush2000
"It's humorous to note how quiet Linux advocates are on this thread."

What is there to say? Nobody said Linux was perfect. Besides, this isn't really a fault of Linux as much as it is the fault of the sysadmin.

41 posted on 11/14/2002 3:57:16 PM PST by Crispy
[ Post Reply | Private Reply | To 21 | View Replies]

To: Scott McCollum
There is nothing Left about freedom...

Microsoft is about MONOPOLY and CONTROL, and its days are numbered as Linux matures. Try Xandra and gnash your teeth...

...and watch all that pseudo-learning of which pull-down menus to invoke, and which bizarre registry entries to change, melt into irrelevancy... along with your Microsoft shares.

42 posted on 11/14/2002 4:13:09 PM PST by chilepepper
[ Post Reply | Private Reply | To 39 | View Replies]

To: dheretic
Sorry, but there are plenty more than 3 or 4 of the 25 million + Mac users out there that are online. I'm sure you're right. I've got 200+ desktops, and more servers than I care to go into, and 1 Mac, with 1 Mac user, which BTW, they are a match made in heaven and meant for each other. It's only natural to extrapolate that out to the real world when ranting. Macs are just as vulnerable, with the right amount of attention. Blackbird.
43 posted on 11/14/2002 4:13:23 PM PST by BlackbirdSST
[ Post Reply | Private Reply | To 22 | View Replies]

To: stands2reason
I hear orally servicing billionaire geeks pays remarkably well.

Don't your lips get tired?
44 posted on 11/14/2002 4:14:27 PM PST by Bush2000
[ Post Reply | Private Reply | To 40 | View Replies]

To: Crispy
What is there to say? Nobody said Linux was perfect. Besides, this isn't really a fault of Linux as much as it is the fault of the sysadmin.

Nobody ever said Windows was perfect, either. But when has that ever stopped your side from bashing it? You could argue that *all* of these security issues are the fault of the sysadmin for not locking them down more. Information is available on how to do that with Linux and Windows. But so few actually do.
45 posted on 11/14/2002 4:16:34 PM PST by Bush2000
[ Post Reply | Private Reply | To 41 | View Replies]

To: Bush2000
You apparently haven't tried the .NET Server RCs. Practically everything is fscked up now.

Fixed it for you.

46 posted on 11/14/2002 4:17:10 PM PST by TechJunkYard
[ Post Reply | Private Reply | To 29 | View Replies]

To: TechJunkYard
Don't quit your day job.
47 posted on 11/14/2002 4:17:43 PM PST by Bush2000
[ Post Reply | Private Reply | To 46 | View Replies]

To: Bush2000
Man, you're quick! ;-)
48 posted on 11/14/2002 4:21:18 PM PST by TechJunkYard
[ Post Reply | Private Reply | To 47 | View Replies]

To: dheretic
Switzerland isn't insignificant, it is the model for what the US should aspire to be like again.

As a target of attack it is insignificant. My analogy went over your head.

49 posted on 11/14/2002 4:24:59 PM PST by Leroy S. Mort
[ Post Reply | Private Reply | To 24 | View Replies]

To: dheretic
Switzerland isn't insignificant, it is the model for what the US should aspire to be like again.

If you like it so much, go there! Or is the taxpayer-subsidized education better here, college boy?
50 posted on 11/14/2002 4:26:08 PM PST by Bush2000
[ Post Reply | Private Reply | To 24 | View Replies]

To: Bush2000
I would think you would know better than I.
51 posted on 11/14/2002 4:26:23 PM PST by stands2reason
[ Post Reply | Private Reply | To 44 | View Replies]

To: stands2reason
I would think you would know better than I.

Sorry, I'm straight. Maybe you'd have better luck on DU.
52 posted on 11/14/2002 4:29:38 PM PST by Bush2000
[ Post Reply | Private Reply | To 51 | View Replies]

To: chilepepper
The recent attacks on the 13 key DNS root servers were mounted from WINDOWS machines...

How do you know this? Just curious.

53 posted on 11/14/2002 4:56:44 PM PST by TechJunkYard
[ Post Reply | Private Reply | To 28 | View Replies]

To: Scott McCollum; Bush2000
Linux Left

Ha! I like that.

/. must be the DU of that world!

54 posted on 11/14/2002 5:07:27 PM PST by Incorrigible
[ Post Reply | Private Reply | To 39 | View Replies]

To: Bush2000
Have you heard anything about this yet?

Yes, I've been discussing this today with some other security types.

While Ziff-Davis is reporting that the site was hacked into, the current evidence coming out of the investigation at tcpdump.org seems to be pointing to a member of the team that was recently asked to leave. In other words, it's an inside job.

From the Bible, "Thou seest the mote in thy brother's eye, but thou seest not the beam in thine own eye."

While this is a problem for users of libpcap and tcpdump, the trojan that is in the infected software doesn't spread itself. Unlike Microsoft which "accidentally sent the virulent Nimda worm to South Korean developers when it distributed Korean-language versions of Visual Studio .Net..."

Whoopsie. Perhaps NBMers might want to examine Microsoft's own history before gloating over problems with Linux.

This incident only reinforces what I've been saying. No OS is perfect. Linux has problems. Microsoft has more, more often and more serious problems. Linux problems are often fixed in hours. Microsoft problems take weeks, if ever. Linux problems are localized. Microsoft problems spread like wildfire. Linux problems generally only infect users that have chosen to use certain pieces of software, Microsoft problems generally infect everyone using a certain version of Windows.

So you probably shouldn't gloat too much. Microsoft still is the world leader in security problems.

55 posted on 11/14/2002 7:07:40 PM PST by Knitebane
[ Post Reply | Private Reply | To 13 | View Replies]

To: Bush2000
Getting hacked sucks no matter what OS!
56 posted on 11/14/2002 7:26:10 PM PST by stainlessbanner
[ Post Reply | Private Reply | To 14 | View Replies]

To: TechJunkYard
All the articles I've seen seem to confirm it. Try for example ComputerWorld's recent article

FBI: DNS Server Attacks came from U.S., Korea

It quotes Alan Paller of SANS indicating that the attacks came from Nimda and/or Code Red infected machines (Windows 9X, NT, 2000 and perhaps even XP, I'm not sure) originating from Korean home machines connected via DSL...

57 posted on 11/14/2002 7:58:43 PM PST by chilepepper
[ Post Reply | Private Reply | To 53 | View Replies]

To: Knitebane
the current evidence coming out of the investigation at tcpdump.org seems to be pointing to a member of the team that was recently asked to leave. In other words, it's an inside job.

What evidence? Let's have references.
58 posted on 11/14/2002 11:18:24 PM PST by Bush2000
[ Post Reply | Private Reply | To 55 | View Replies]

To: Bush2000
What evidence? Let's have references.

As I'm not in the investigation itself, I don't have access to the investigative findings.

So, no hard data at the moment, only information from people close to it whose word I trust.

The facts will be out when the investigation is concluded.

I mean, hey, it's not like I'm asking you to just trust me that the source code that I use internally is the same as what I called "shared source." In this case, the truth will be out, it will just take a few weeks.

59 posted on 11/14/2002 11:30:05 PM PST by Knitebane
[ Post Reply | Private Reply | To 58 | View Replies]

To: Knitebane
As I'm not in the investigation itself, I don't have access to the investigative findings. So, no hard data at the moment, only information from people close to it whose word I trust.

In other words, you're spreading rumor and innuendo, not fact. Can't you Linux guys distinguish between fact and fantasy? It's your wet dream for this incident to be blamed on some insider. But without actual proof, we'll just have to accept ZDNet's assessment of the situation as a hacked Linux server. Tough luck.
60 posted on 11/15/2002 12:43:01 AM PST by Bush2000
[ Post Reply | Private Reply | To 59 | View Replies]
