-----BEGIN PGP SIGNED MESSAGE----- =============================================================================== Security Advisory CERT-NL =============================================================================== Author/Source : Teun Nijssen Index : S-95-24 Distribution : World Page : 1 Classification: External Version: 1 Subject : Widespread attacks on the Internet Date : 18-dec-95 =============================================================================== By courtesy of CERT Coordination Center we received the following information. CERT Coordination Center advisory CA-95:18 reports extended and very skillful attacks on Internet sites. CERT-NL confirms knowing of several cases in the Netherlands; however the sites involved are also in many other countries. The attacks frequently compromise root on Unix systems. We have seen both completely wiped disks and carefully hidden modifications. All tricks in the book are being expoited, including sniffing, IP spoofing, old sendmail, nfs, ..... hacks. CA-95:18 mentions the list of attacks seen, as well a set of old advisories with remedies. So far, NO NEW METHODS have been discovered, but if you don't carefully apply all advisories of the past, on ALL your systems, you may find your system quite different after you return from Christmas leave. The situation is so serious, that CERT-CC will distribute the warning to a list of major Internet suppliers. All CERT Coordination Center advisories and README's are mirrored by CERT-NL. The specific URL's for this case (once the mirror has run tonight) will be: ftp://ftp.surfnet.nl/surfnet/net-security/cert-cc-mirror/ cert_advisories/CA-95:18.widespread.attacks and ftp://ftp.surfnet.nl/surfnet/net-security/cert-cc-mirror/ cert_advisories/CA-95:18.README More information about the CERT-NL mirror and notifier services is contained in News items N-95-01 (notifier) and N-95-02 (CERT mirror), both present on ftp://ftp.surfnet.nl/surfnet/net-security/cert-nl/docs/news/ ============================================================================== CERT-NL is the Computer Emergency Response Team for SURFnet customers. SURFnet is the Dutch network for educational, research and related institutes. CERT-NL is a member of the Forum of Incident Response and Security Teams (FIRST). All CERT-NL material is available under: http://www.surfnet.nl/surfnet/security/cert-nl.html ftp://ftp.surfnet.nl/surfnet/net-security In case of computer or network security problems please contact your local CERT/security-team or CERT-NL (if your institute is NOT a SURFnet customer please address the appropriate (local) CERT/security-team). CERT-NL is one/two hour(s) ahead of UTC (GMT) in winter/summer, i.e. UTC+0100 in winter and UTC+0200 in summer (DST). Email: cert-nl@surfnet.nl Phone: +31 302 305 305 Fax: +31 302 305 329 Snailmail: SURFnet bv Attn. CERT-NL P.O. Box 19035 NL - 3501 DA UTRECHT The Netherlands A 7 * 24 hours phone number is available to SURFnet SSC's and FIRST members on request. ============================================================================== -----BEGIN PGP SIGNATURE----- Version: 2.6.2i iQCVAgUBMNXHrR68tkuRYDgtAQHGIAQAstDFH6PT0AHfBUk4OtpaifFatsXKpvza U75Gt/b8C7PNNX5Td4+GZdrHUAd+CZPF49zk6QiuWtnR8RuNJ6pfr3ypm6O2y+pq vIsiqhdc8sveeJYPdxBpuP5qXTLDtjkjRDlE5b5RhzZ62C2wQIlfKGd70t9VNqIB ZH8UKsLtODI= =C8JJ -----END PGP SIGNATURE-----