From owner-freebsd-security Mon Jul 13 23:29:13 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id XAA26458 for freebsd-security-outgoing; Mon, 13 Jul 1998 23:29:13 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from mail.aussie.org (hallam.lnk.telstra.net [139.130.54.166]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id XAA26452 for ; Mon, 13 Jul 1998 23:29:07 -0700 (PDT) (envelope-from maillist@oaks.com.au) Received: from bigbox (frankenputer.aussie.org [203.29.75.73]) by mail.aussie.org (8.9.0/8.9.0) with SMTP id QAA24596 for ; Tue, 14 Jul 1998 16:28:07 +1000 (EST) Message-Id: <199807140628.QAA24596@mail.aussie.org> From: "Hallam Oaks P/L list account" To: "freebsd-security@FreeBSD.ORG" Date: Tue, 14 Jul 1998 16:29:00 +1000 Reply-To: "Hallam Oaks P/L list account" X-Mailer: PMMail 98 Standard (2.01.1600) For Windows NT (4.0.1381;3) MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Subject: Re: DNS zone xfers from random(?) sites Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, 13 Jul 1998 09:30:39 +0100, Neil Long wrote: >-----BEGIN PGP SIGNED MESSAGE----- > >I would be willing to bet a beer that this is a direct consequence of >the release of 'mscan' - check out www.rootshell.com or just about any >exploit site. [snip] >see what is 'on offer' and then change the default telnetd banner Fortunately I don't have telnet at all any more (SSH only) so that's not an issue. I'll look at getting mscan and seeing what it finds. As for your other suggestion, your are 100% correct (sorry I can't give you the beer :). The systems admin of the university from which the probes occurred has confirmed to me that a student has had his account suspended (and is being investigated for possible expulsion) after using this tool from his own account (!) on one of their annexes to scan a large range of hosts within .au. Thanks for your help, -- Chris Hallam Oaks P/L To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message