Hallo Markus, * Markus Hubig <lord.aragon@gmx.net> [19-09-01 17:22]: > Momantan geistert ja wider so ein neuer Internet-Wurm namens "nimda" > durch die Netze. Alles was ich ueber diesen Wurm gelesen habe besagt > aber dass es _NUR_ WinXX(XX)? Rechner angreift ... !! Ja, ist echt lustig das die einfach nicht lernen wollen. > Scheint ein Linux-Rechner zu sein!! Oder interpretiere ich da was > falsch?? Zwei Mails von Avinesh Bangar u. Gerald Carter aus NTBugtraq: | It seems that open Samba (Linux) shares are also affected -- possibly | because the Samba server is emulated as a Windows NT 4.2 Server? I just | searched the shares for *.eml and *.nws and deleted the respective | files. It seems as though not all shares were affected, just the ones | that had FTP access. | |--------------------------------- | | After talking to a few people it seems I was wrong. Apparently it tries | to drop its files onto CIFS/SMB servers by logging in as guest. If Samba | had a valid user named guest with no password, then it would suceed ... | | or if you have "map to guest" in smb.conf set to anything other than the | default of "Never", you might see this as well. Of course, this also | assumes that "guest" has write access to shares. | | Apologies for the previous hasty and incorrect response. Hope this helps. > Koennte es sein dass die "nimda"-Attacke von nem Rechner stammte der > hinter diesen Linux-Rechner steht und per masquerading oder proxy > aggiert?? Klar. Janto -- Janto Trappe Germany /* rapelcgrq znvy cersreerq! */ GnuPG-Key: http://www.sylence.de/gpgkey.asc Key ID: 0x8C53625F Fingerprint: 35D7 8CC0 3DAC 90CD B26F B628 C3AC 1AC5 8C53 625F
Attachment:
pgp6evQpJXLJw.pgp
Description: PGP signature