[SunHELP] Re: /dev/prom stuff
Dennis Murphy
dmurphy at osxadm.com
Tue Sep 24 12:41:45 CDT 2002
Sizheng,
Your system has been compromised. There's been a security breach.
More than likely a vulnerability in snmpXdmid.
Check these URLs:
http://www.securityfocus.com/archive/75/172558
http://archives.neohapsis.com/archives/incidents/2001-03/0260.html
Good luck repairing. I'd recommend a complete reinstall.
TO ALL: This is Yet Another Reason for two things:
1) PATCH PATCH PATCH
2) Turn OFF any services you don't need! Solaris is notoriously bad
about leaving everything & its brother turned on... If anyone has any
interest, I have some JumpStart scripts (which can be run by hand as
well) that turn off everything except the essentials.
Please email me off-list if you're interested.
Thanks!
---
Dennis Murphy
UNIX Systems Administrator
OSXadm DOT com
dmurphy AT osxadm DOT com
> From: "Sizheng Zhu" <szhu at mail.ipp.ac.cn>
> To: <jeremytowers at yahoo.co.uk>
> Cc: <SunHELP at sunhelp.org>
> Date: Tue, 24 Sep 2002 10:07:37 +0800
> Subject: [SunHELP]
> =?ISO-8859-
> 1?B?u9i4tDogu9i4tDogW1N1bkhFTFBdIGNhcGFjaXR5IG9mIGZpbGVzeXN0?=
> =?ISO-8859-1?B?ZW0gLw==?=
>
> Hi Jeremy,
>
> (1)
> The file I mentioned is "sn.l" and locates in /dev/prom, not in /proc.
> Its
> size has been increasing quickly:
> /dev/prom/sn.l 93206340 Sep 23 16:37
> /dev/prom/sn.l 93375194 Sep 24 08:38
More information about the SunHELP
mailing list