- To: slug@xxxxxxxxxxx
- Subject: Re: [SLUG] Re: slug Digest, Vol 29, Issue 5
- From: Daniel Pittman <daniel@xxxxxxxxxxxx>
- Date: Tue, 03 Jun 2008 10:49:54 +1000
- Organization: How about yours? http://rimspace.net/resume/
- User-agent: Gnus/5.110006 (No Gnus v0.6) Emacs/23.0.60 (gnu/linux)

david.lyon@xxxxxxxxxxx writes:
> Quoting Darryl Barlow <dgbarlow@xxxxxxxxx>:
>
>> I had the pleasure some years ago of a cracker gaining access to a Linux box
>> on my work Network running SME Server.
>
>> I still do
>> not know how the attacker located the machine. I presume it was probably
>> through a port scan .....
>
> I have seen the same thing with other installs of SME Server. The
> machines I saw it on were properly firewalled and not even visible.
>
> People I know have come to the conclusion that it was software already
> embedded within the system at distribution. It got activated in idle
> time. It was doing spam mass mailing.

Which release of SME Server was this? Having done some auditing, and
worked with customers who ran SME Server systems for some years without
incident -- but only on older versions -- I am surprised at this claim.
Do you have any supporting evidence for that? Alternately, did the
folks you know write this up anywhere?

Regards,
Daniel