Date:      Sun, 25 Nov 2001 15:35:51 +0300 (EAT)
From:      <ksemat@wawa.eahd.or.ug>
To:        "Bill A. K." <billak@fox56.tv>
Cc:        <freebsd-isp@FreeBSD.ORG>
Subject:   Re: Attack on server, need help ASAP
Message-ID:  <Pine.LNX.4.33.0111251533340.16543-100000@sanyu1.sanyutel.com>
In-Reply-To: <000a01c1751e$b4fe5500$6501a8c0@bill>



On Sat, 24 Nov 2001, Bill A. K. wrote:

> My server was just attacked.........someone tried logging in telnet, and apparently shut down the telnet daemon from trying (over 400 times)....there's NOTHING in the logs, the IPs were on the screen, but stupid me started typing stuff and now they're gone. Is there a way to get back what was on the screen, like a history of stdout? Please, someone help, asap, I would really appreciate it.

Not a solution to your problem but I may as well ask:

1. Why are you running telnet when there is ssh?
2. Is your FreeBSD machine patched against the telnetd exploit which was
released some months ago? If not, start looking for signs of intrusion and
think of a reinstall.

3. Do a cvsup to the latest release or stable version of FreeBSD.

Noah.

