Date: Wed, 12 May 1999 22:39:07 -0400
From: "Mark S. Reichman" <mark@borg.com>
To: Ben Pepa <bpepa@msn.bc.ca>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: hacking attempts
Message-ID: <373A3B4B.82D780C4@borg.com>
References: <Pine.BSF.4.05.9905020120140.347-100000@msn.bc.ca>

sshd did have problems. Use ssh2 in the ports. No, I'm not an expert on this problem or an ssh2 expert. I can't even remember where I found out sshd had problems at one time. I think I received a "root shell" mailing about the vulnerability about 6 months ago or more.

Ben Pepa wrote:
>
> Hi,
>
> Today we had several break-ins to at least 3 servers in which a
> malicious person used our servers to ping of death whole networks and
> other attacks to other networks (not our own) and also had several irc
> bots running throughout the night.
>
> My question: Is there some way to take advantage of sshd to gain access?
> Each time he got into our systems, he logged in as root on the first try
> and proceeded to use passwd to make a password on the 'toor' account which
> he later used as a back door to the root account once I reset the root
> password. As a result, I had to take three of our core FreeBSD servers
> offline which affected our WAN severely (the firewall server).
>
> I contacted the ISP where the IP came from and they said someone spoofed
> their IP address, but is this possible? Our server log indicated that the
> IP it came from generated an RSA key to the server, which I thought would
> have to be authenticated to that IP.
>
> If anyone has any ideas how this person keeps getting in, I'd be
> interested to know. The servers are all running FreeBSD 3.0-RELEASE, and
> all have telnet, pop3, imapd, sshd and apache running and one server
> is running samba, squid, and webmin.
>
> Any input is greatly appreciated,
>
> Ben
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
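The quoted message describes access being kept through a password set on the 'toor' account after the root password was reset. As an added example (not part of the original e-mail thread), this sh function lists every UID-0 account in a master.passwd-format file and reports whether it has a usable password. The function names, sample entries and hashes are constructed, and the ten-field FreeBSD master.passwd layout is assumed.

```shell
#!/bin/sh
# Added example: audit UID-0 accounts in a FreeBSD master.passwd-format file.
# Assumed layout (10 colon-separated fields):
#   name:password:uid:gid:class:change:expire:gecos:home:shell

audit_uid0() {
    # $1 = path to a master.passwd-format file (run on a copy, or as root)
    awk -F: '
        /^#/ || NF < 10 { next }     # skip comments and malformed lines
        $3 == 0 {
            if ($2 == "")          state = "EMPTY-PASSWORD"  # no password needed
            else if ($2 ~ /^\*/)   state = "locked"          # "*" or "*LOCKED*..."
            else                   state = "PASSWORD-SET"    # usable password hash
            printf "%s %s\n", $1, state
        }
    ' "$1"
}

write_sample() {
    # Constructed sample entries; the hashes are placeholders, not real ones.
    # Here toor carries a password hash, as in the incident described above.
    cat > "$1" <<'EOF'
# constructed sample, not taken from a real system
root:$1$constructed$placeholderhashA:0:0::0:0:Charlie &:/root:/bin/csh
toor:$1$constructed$placeholderhashB:0:0::0:0:Bourne-again Superuser:/root:
daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin
bpepa:$1$constructed$placeholderhashC:1001:1001::0:0:Sample user:/home/bpepa:/bin/sh
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_uid0 "$sample"
rm -f "$sample"
```

Any UID-0 account other than root that reports PASSWORD-SET or EMPTY-PASSWORD is a second way into the root account and should be checked against what was deliberately configured.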