[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
- read forum
- new topic
- search

- meetings list
- recent additions
- add your info
 top 100 sites
- visit top sites
- sign up now
- members

- add your url
- add domain
- search box
- link to us

- our projects
- free email
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : Security probes from Italy

Title: Security probes from Italy
Released by: CERT
Date: 10th December 1990
Printable version: Click here

Hash: SHA1


Last Revised: September 17,1997

                Attached copyright statement

                            CERT Advisory

                          December 10, 1990

                      Security probes from Italy

- -------------------------------------------------------------------------------

Many sites on the Internet received messages from

"miners@ghost.unimi.it" ( on Sunday, December 9.  The

messages stated that "miners" is a group of researchers and students

in the computer science department at the state university of Milano

in Italy; a group testing for a "common bug" in network hosts.  In 

addition to the messages, a number of sites detected probes

from the unimi.it domain.  Later today, a number of individuals

received a follow up message from "postmaster@ghost.unimi.it"

explaining the activities.

We have received reports that this activity has now stopped, and an

unofficial explanation has been provided by several administrators at

the University of Milano.  The rest of this message describes the

sequence of events and the security holes that were probed.

Following the original messages from miners@ghost and

postmaster@ghost, another message was sent on the afternoon of December

10th from several administrators at the University of Milano.  They

stated that the authorities at the University had been informed and

that the attempts had stopped.  They also noted that they had not been

informed of the tests in advance.

The administrators at the University of Milano have sent us a copy of

the scripts that were used to probe the Internet sites.  These scripts

checked for the existence of the sendmail WIZ and DEBUG commands,

and attempted to get /etc/motd and/or /etc/passwd via TFTP and

by exploiting an old vulnerability in anonymous FTP.  The scripts

also attempted to rsh to a site and try to cat /etc/passwd.  Finally,

the scripts mailed to root at each site they tested with the message

from "miners@ghost.unimi.it".

The administrators at the University of Milano state that the group

that did this was doing this to discover which (if any) sites might

have had these security flaws, and then to let the sites know about

these vulnerabilities.  They have stated that they still intend to

inform sites that have these vulnerabilities.

To our knowledge, no site was actually broken into (as of December 10,

1990).  Nonetheless, the CERT does not condone this type of activity.

Most of the information in this advisory is based on information given

to us via e-mail from individuals at the University of Milano.  We

have not yet been able to check this information with any officials at

the University; if we learn of any other significant information, we will

update this advisory.

- ------------------------------------------------------------------------------

Computer Emergency Response Team (CERT)

Software Engineering Institute

Carnegie Mellon University

Pittsburgh, PA 15213-3890

Internet E-mail: cert@cert.org

Telephone: 412-268-7090 24-hour hotline:

           CERT personnel answer 7:30a.m.-6:00p.m. EST, on call for 

           emergencies during other hours.

Past advisories and other information are available for anonymous ftp

from cert.org (

- -------------------------------------------------------------------------

Copyright 1990 Carnegie Mellon University. Conditions for use, disclaimers,

and sponsorship information can be found in

http://www.cert.org/legal_stuff.html and http://ftp.cert.org/pub/legal_stuff .

If you do not have FTP or web access, send mail to cert@cert.org with

"copyright" in the subject line.

CERT is registered in the U.S. Patent and Trademark Office.


Revision History

September 17,1997  Attached Copyright statement


Version: PGP for Personal Privacy 5.0

Charset: noconv





(C) 1999-2000 All rights reserved.