Date:      Wed, 12 May 1999 22:39:07 -0400
From:      "Mark S. Reichman" <mark@borg.com>
To:        Ben Pepa <bpepa@msn.bc.ca>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: hacking attempts
Message-ID:  <373A3B4B.82D780C4@borg.com>
References:  <Pine.BSF.4.05.9905020120140.347-100000@msn.bc.ca>

sshd did have problems.  Use ssh2 in the ports.
No, I'm not an expert on this problem or an
ssh2 expert.  I can't even remember where I found
out sshd had problems at one time.  I think
I received a "root shell" mailing about the
vulnerability about 6 months ago or more.


Ben Pepa wrote:
> 
> Hi,
> 
> Today we had several break-ins to at least 3 servers in which a
> malicious person used our servers to ping of death whole networks and
> other attacks to other networks (not our own) and also had several irc
> bots running throughout the night.
> 
> My question:  Is there some way to take advantage of sshd to gain access?
> Each time he got into our systems, he logged in as root on the first try
> and proceeded to use passwd to make a password on the 'toor' account which
> he later used as a back door to the root account once I reset the root
> password.  As a result, I had to take three of our core FreeBSD servers
> offline which affected our WAN severely (the firewall server).
> 
> I contacted the ISP where the IP came from and they said someone spoofed
> their IP address, but is this possible?  Our server log indicated that the
> IP it came from generated an RSA key to the server, which I thought would
> have to be authenticated to that IP.
> 
> If anyone has any ideas how this person keeps getting in, I'd be
> interested to know.  The servers are all running FreeBSD 3.0-RELEASE, and
> all have telnet, pop3, imapd, sshd and apache running and one server
> is running samba, squid, and webmin.
> 
> Any input is greatly appreciated,
> 
> Ben
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message

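The 'toor' back door described in the quoted message can be checked for directly. The script below is an added example, not part of the original thread: it lists UID 0 accounts in master.passwd(5) format whose password field allows a login. The function names and the sample excerpt are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit UID 0 accounts in master.passwd(5) format.
# Fields: name:password:uid:gid:class:change:expire:gecos:home:shell

audit_uid0() {
    # Reads master.passwd-format lines on stdin.
    # Prints "<name> <status>" for each UID 0 account, where status is:
    #   locked - field starts with '*' (no password login possible)
    #   empty  - empty field (login without a password)
    #   hash   - anything else (a password has been set)
    awk -F: '
        /^#/ || NF < 10 { next }      # skip comments and malformed lines
        $3 == 0 {
            if ($2 == "")         s = "empty"
            else if ($2 ~ /^\*/)  s = "locked"
            else                  s = "hash"
            print $1, s
        }'
}

unexpected_uid0_logins() {
    # Every UID 0 account other than root that can log in with a password
    # (or with none). FreeBSD normally ships toor with '*' in this field,
    # so any output here deserves a look.
    audit_uid0 | awk '$1 != "root" && $2 != "locked" { print $1 }'
}

# Constructed sample; the hashes are placeholders, not real values.
SAMPLE='# constructed master.passwd excerpt
root:$1$CONSTRUCTED$placeholderhash0000000:0:0::0:0:Charlie &:/root:/bin/csh
toor:$1$CONSTRUCTED$placeholderhash1111111:0:0::0:0:Bourne-again Superuser:/root:
daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin
ben:$1$CONSTRUCTED$placeholderhash2222222:1001:1001::0:0:Ben:/home/ben:/bin/sh'

printf '%s\n' "$SAMPLE" | unexpected_uid0_logins
```

On a live system, run it as root with `unexpected_uid0_logins < /etc/master.passwd`.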
