CS-96.01

Posted Sep 23, 1999

SHA-256 | 6086577dbb6e4281f529085f8183b578b3168a0c12b5971c203a96395d1f0618

-----BEGIN PGP SIGNED MESSAGE-----

- ---------------------------------------------------------------------------
CERT(*) Summary CS-96.01
January 23, 1996
Last Revised: October 2, 1997
Updated copyright statement

The CERT Coordination Center periodically issues the CERT Summary to
draw attention to the types of attacks currently being reported to our
strategic incident response staff. The summary includes pointers to
sources of information for dealing with the problems. We also list new
or updated files that are available for anonymous FTP from
ftp://info.cert.org/pub/

Past CERT Summaries are available from
ftp://info.cert.org/pub/cert_summaries/
- ---------------------------------------------------------------------------

Recent Activity
- ---------------

In the last two months we have seen the same types of activity that we
described in the CERT advisory CA-95:18 Widespread Attacks on Internet
Sites. If you have not yet taken steps to protect your site against
the activities described below, we urge you to do so as soon as
possible.

Description

Intruders are doing the following:

- using automated tools to scan sites for NFS and NIS vulnerabilities

- exploiting the rpc.ypupdated vulnerability to gain root access

- exploiting the loadmodule vulnerability to gain root access

- installing Trojan horse programs and packet sniffers

- launching IP spoofing attacks

Solution

The CERT staff urges you to immediately take the steps described in
the advisories referenced below. Note that it is important to
periodically recheck these files as they contain updated
information received after the advisory was published.

a. Using automated tools to scan sites for NFS and NIS vulnerabilities

* CA-94:15.NFS.Vulnerabilities
* CA-92:13.SunOS.NIS.vulnerability

b. Exploiting the rpc.ypupdated vulnerability to gain root access

* CA-95:17.rpc.ypupdated.vul

c. Exploiting the loadmodule vulnerability to gain root access

* CA-93:18.SunOS.Solbourne.loadmodule.modload.vulnerability
* CA-95:12.sun.loadmodule.vul

d. Installing Trojan horse programs and packet sniffers

* CA-94:01.ongoing.network.monitoring.attacks

e. Launching IP spoofing attacks

* CA-95:01.IP.spoofing


The CERT advisories are available from

ftp://info.cert.org/pub/cert_advisories



What's New in the CERT FTP Archive
- ----------------------------------
We have made the following changes since the last CERT Summary (November 28,
1995).

* New Additions

ftp://info.cert.org/pub/

Sysadmin_Tutorial.announcement (This CERT course will be given
four times this year in Pittsburgh,
Pennsylvania, USA.)

ftp://info.cert.org/pub/cert_advisories/

CA-95:16.wu-ftpd.vul
CA-95:17.rpc.ypupdated.vul
CA-95:18.widespread.attacks

ftp://info.cert.org/pub/cert_bulletins/

VB-95:10.elm
VB-95:10a.elm (listed additional FTP sites)


* Updated Files

ftp://info.cert.org/pub/

cert_faq

ftp://info.cert.org/pub/cert_advisories/

CA-95:13 (syslog - added info from Digital Equipment)
CA-95:15 (SGI lp - added info)
CA-95:16 (wu-ftpd - added clarification and Solaris 2.4 info)
CA-95:17 (rpc.ypupdated - added vendor info for Digital & HP)

ftp://info.cert.org/pub/tech_tips/

AUSCERT_checklist1.1 (replaced AUSCERT checklist version 1.0)


- ---------------------------------------------------------------------------
How to Contact the CERT Coordination Center

Email cert@cert.org

Phone +1 412-268-7090 (24-hour hotline)
CERT personnel answer 8:30-5:00 p.m. EST
(GMT-5)/EDT(GMT-4), and are on call for
emergencies during other hours.

Fax +1 412-268-6989

Postal address
CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh PA 15213-3890
USA

To be added to our mailing list for CERT advisories and bulletins, send your
email address to
cert-advisory-request@cert.org

CERT advisories and bulletins are posted on the USENET news group
comp.security.announce

If you wish to send sensitive incident or vulnerability information to CERT
staff by electronic mail, we strongly advise you to encrypt your message.
We can support a shared DES key or PGP. Contact the CERT staff for more
information.

Location of CERT PGP key
ftp://info.cert.org/pub/CERT_PGP.key

- ------------------------------------------------------------------------------

Copyright 1996 Carnegie Mellon University. Conditions for use, disclaimers,
and sponsorship information can be found in
http://www.cert.org/legal_stuff.html and ftp://ftp.cert.org/pub/legal_stuff .
If you do not have FTP or web access, send mail to cert@cert.org with
"copyright" in the subject line.

CERT is registered in the U.S. Patent and Trademark Office.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Revision History:

Oct 02, 1997 Updated copyright history

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBNDgBpHVP+x0t4w7BAQEkVwP/W9/mjYa62uSrjTUUoFFjRmKffjNlcWnx
vN0qkXKPdGHOMU0RMC2f48bkUveoCgphCWVHfMfFKG4gEVsjC0rSfDXdaTWOe78g
XwPeHh0hwzmAxTI+crqeviGnnxc/hLJWdMbUq206tb4cQtpjRpEcy26CVePt3s2f
6gK6u46IHq8=
=6mqK
-----END PGP SIGNATURE-----