For those interested in reviewing this attack, I have the entire previous
hard disk available and can mount it under the public ftp area if anyone
is curious as to how these folks did this. They exploited BIND 8.2.3
to get in and logs indicated that someone was using a "back door" in
Novell's NetWare proxy caches to perform the attack (since several
different servers were used as "blinds" to get in).
We are unable to determine just how they got in exactly, but they
kept trying and created an oops in the affected code which allowed
the attack to proceed.
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to firstname.lastname@example.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/