
Hacker Contest

 
Michael Tully
Honored Contributor

Hacker Contest

Just got this dandy piece of news ...

http://www.abc.net.au/news/justin/nat/newsnat-4jul2003-17.htm

Just read .... no points will be awarded.

Make sure that you have your webservers up to date with security patches.

Security patching tool:
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=B6834AA&oper=install

Latest security patch catalog:
ftp://ftp.itrc.hp.com/export/patches/security_catlog

Anyone for a Mutiny ?
Michael Tully
Honored Contributor

Re: Hacker Contest

Here's another press release.

http://www.zone-h.org/en/news/read/id=2986/
Anyone for a Mutiny ?
John Poff
Honored Contributor

Re: Hacker Contest

Hi Michael,

I saw that. Let's hope nobody gets nailed by this nonsense.

Here is a link to an article about it on ZDNet:

http://zdnet.com.com/2100-1105_2-1023172.html?tag=fdfeed

JP


Michael Tully
Honored Contributor

Re: Hacker Contest

bounce ...
Anyone for a Mutiny ?
Geoff Wild
Honored Contributor

Re: Hacker Contest

I just installed an Intrusion Detection System (snort with acid) on my linux server -

http://www.snort.org/docs/

wow - simply amazing - my server is at a small ISP - in a 10 hour window, it logged over 16,000 alerts (only 90 to my server)...

Here are the top 5 frequent ones:

WEB-IIS cmd.exe access web-application-attack

WEB-IIS multiple decode attempt web-application-attack

MS-SQL Worm propagation attempt misc-attack

unicode directory traversal attempt web-application-attack

SCAN SOCKS Proxy attempt attempted-recon


On my server, I have had 37 ICMP PING speedera alerts...
This is not really an attack. However an attacker could disguise their
pings as speedera pings, but this is unlikely.


I followed this guide for my server:

http://www.snort.org/docs/snort_acid_rh9.pdf


Rgds....Geoff



Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
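
A way to reproduce the kind of split described in the post above (all alerts seen on the segment versus the ones aimed at your own host), added here as an example and not part of the original thread. It assumes Snort's "fast" alert log format; the sample lines, addresses and SIDs are constructed, and `triage` and `parse_alerts` are hypothetical helper names.

```python
import re
from collections import Counter

# Constructed sample in Snort "fast" alert format. Addresses are documentation
# ranges, 192.0.2.10 stands in for the monitored server, SIDs are placeholders.
SAMPLE = """\
07/05-09:12:01.100001  [**] [1:1000001:1] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 198.51.100.7:3312 -> 192.0.2.44:80
07/05-09:12:02.200002  [**] [1:1000001:1] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 198.51.100.7:3313 -> 192.0.2.45:80
07/05-09:12:03.300003  [**] [1:1000001:1] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 198.51.100.7:3314 -> 192.0.2.10:80
07/05-09:15:10.400004  [**] [1:1000002:1] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] {UDP} 203.0.113.20:1045 -> 192.0.2.44:1434
07/05-09:15:11.500005  [**] [1:1000002:1] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] {UDP} 203.0.113.20:1046 -> 192.0.2.61:1434
07/05-09:20:00.600006  [**] [1:1000003:1] ICMP PING speedera [**] [Classification: Misc activity] [Priority: 3] {ICMP} 203.0.113.9 -> 192.0.2.10
07/05-09:21:00.700007  [**] [1:1000003:1] ICMP PING speedera [**] [Classification: Misc activity] [Priority: 3] {ICMP} 203.0.113.9 -> 192.0.2.10
07/05-09:30:45.800008  [**] [1:1000004:1] SCAN SOCKS Proxy attempt [**] {TCP} 198.51.100.99:4000 -> 192.0.2.44:1080
"""

# Classification and priority are optional: rules without a classtype omit them.
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[\d+:(?P<sid>\d+):\d+\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r"(?:\s+\[Classification:\s*(?P<cls>[^\]]+)\])?"
    r"(?:\s+\[Priority:\s*(?P<prio>\d+)\])?"
    r"\s+\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)"
)

def parse_alerts(text):
    """Return (message, classification, destination IPv4) for each alert line."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if m:
            # ICMP alerts carry no port, TCP/UDP alerts end in ":port".
            dst_ip = m["dst"].rsplit(":", 1)[0]
            alerts.append((m["msg"], m["cls"] or "unclassified", dst_ip))
    return alerts

def triage(text, my_ip, top=5):
    """Count all alerts, then only those whose destination is my_ip."""
    alerts = parse_alerts(text)
    mine = [a for a in alerts if a[2] == my_ip]
    return {
        "total": len(alerts),
        "to_me": len(mine),
        "top_all": Counter(a[0] for a in alerts).most_common(top),
        "top_me": Counter(a[0] for a in mine).most_common(top),
    }

if __name__ == "__main__":
    print(triage(SAMPLE, "192.0.2.10"))
```
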
Steven E. Protter
Exalted Contributor

Re: Hacker Contest

I would note that my Linux 7.3 web hosting server logs hundreds of attempts per week to penetrate using known Microsoft IIS vulnerabilities.

Since I won't host such a server it makes no difference.

The only precaution I'm taking is changing the passwords on any server that I've ever logged into with telnet, thereby transmitting the password back and forth in clear text.

Another good reason to use only Secure Shell/Openssh on HP-UX/Linux Servers.

Good notice Michael.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Norman_21
Honored Contributor

Re: Hacker Contest

Hi Michael,

It's a great tool; my HP-UX box has generated the following patch list, but I had to install Perl too:

Analyzed localhost (HP-UX 11.00) from latif
Security catalog: /tmp/sec/security_catalog
Security catalog created on: Fri Jul 4 21:34:09 2003
Time of analysis: Sun Jul 6 02:03:49 2003

List of recommended patches for most secure system:

# Recommended Bull(s) Spec? Reboot? PDep? Description
----------------------------------------------------------------------------------------
1 PHCO_21534 113 No No No patch for shutdown(1M)
2 PHCO_22665 135 No No No kermit(1)
3 PHCO_22766 167 No No No cu(1) cumulative
4 PHCO_22957 130 No No No auto_parms/set_parms
5 PHCO_23088 138 No No No man(1)
6 PHCO_23117 127 No No No bdf(1M) cumulative
7 PHCO_23118 127 No No Yes df(1M) cumulative
8 PHCO_24446 227 No No No ied(1)
9 PHCO_26020 134 No No No top(1) cumulative
10 PHCO_26060 153 No No No Kernel configuration commands
11 PHCO_26089 191 Yes No Yes libpam and libpam_unix cumulative
12 PHCO_27132 213 Yes No No lpspool subsystem cumulative
13 PHCO_27141 146 No No No cumulative crontab/at/cron
14 PHCO_27565 237 No No No sort(1) cumulative
15 PHCO_27672 194 Yes No No Software Distributor (SD) Cumulative
16 PHCO_27721 160 No No No login(1) cumulative
17 PHCO_28425 257 Yes No Yes libc cumulative
18 PHCO_28718 258 No No No wall(1M)
19 PHKL_22932 178 No Yes No ufs(hfs) deadlock causes the system hang
20 PHKL_27180 206 Yes Yes Yes Corrected reference to thread register state
21 PHKL_28105 223 Yes Yes Yes VxFS cumulative,I/O Throttling,dirty inval
22 PHKL_28766 156 Yes Yes Yes Probe,IDDS,PM,VM,PA-8700,AIO,T600,FS,PDC,CLK
23 PHNE_21835 136 Yes No Yes inetd(1M) cumulative
24 PHNE_23274 144 Yes No No Bind 4.9.7 components
25 PHNE_23949 162 Yes No No ftpd(1M) and ftp(1)
26 PHNE_24419 179 Yes No Yes sendmail(1m) 8.9.3
27 PHNE_27223 232 No No No NTP timeservices upgrade plus utilities
28 PHNE_28143 261 No Yes Yes LAN product cumulative
29 PHNE_28538 264 No Yes Yes cumulative ARPA Transport
30 PHNE_28567 215 242 Yes Yes Yes ONC/NFS General Release/Performance
31 PHSS_24608 109 145 Yes No No AudioSubsystem July 2001 Periodic
32 PHSS_27858 208 Yes No No OV EMANATE14.2 Agent Consolidated
33 PHSS_28469 228 No No No X Font Server
34 PHSS_28675 263 Yes No Yes CDE Runtime Periodic
----------------------------------------------------------------------------------------
*** END OF REPORT ***
NOTE: Security bulletins can be found ordered by number at
http://itrc.hp.com/cki/bin/doc.pl/screen=ckiSecurityBulletin

Tell me, what's the other tool that is used to check the regular patches (not the security).
Appreciate your support.
Thanks
latif
"Attitudes are contagious, is yours worth catching"/ My first point was given by SEP on January 31, 2003
Norman_21
Honored Contributor

Re: Hacker Contest

Michael,

I thought you might be interested in the IP3's IT Security Workshop. I've attended this seminar and it was really full of concepts and very useful. At the end of the Seminar (2 days) I got a CD full of security tools and a Certificate of completion. Please find it here and Register if you are interested.
http://www.ip3seminars.com/

Just a thought.
Thanks
Latif
"Attitudes are contagious, is yours worth catching"/ My first point was given by SEP on January 31, 2003
Stefan Farrelly
Honored Contributor

Re: Hacker Contest

Hi all,

Did you note the points allocation in the article? HP-UX was joint top, showing it's the hardest to crack (?):

"The contest awards a point for every Windows systems defaced, two points for a Unix, Linux or BSD system, three points for any system running IBM's AIX, and five points for an HP-UX system or Apple Computer OS X system."
I'm from Palmerston North, New Zealand, but somehow ended up in London...
Steven Sim Kok Leong
Honored Contributor

Re: Hacker Contest

Hi,

HP-UX was among the hardest likely because hardly anyone runs a webserver on HP-UX or MacOS for that matter. The more popular an OS is for running a webservice, the more justified for an exploit to be written for it. Cost vs benefits.

The winner had already emerged a couple of days back:
http://www.eweek.com/article2/0,3959,1186760,00.asp

http://www.zone-h.org is one of the few defacement archives left standing. Once a website is listed, it is impossible to get out of the list.

Regards.

Steven Sim Kok Leong