From owner-freebsd-questions  Sun Aug  1 19: 3:35 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from allegro.lemis.com (allegro.lemis.com [192.109.197.134])
	by hub.freebsd.org (Postfix) with ESMTP id 1593F14C87
	for <freebsd-questions@FreeBSD.ORG>; Sun,  1 Aug 1999 19:03:30 -0700 (PDT)
	(envelope-from grog@freebie.lemis.com)
Received: from freebie.lemis.com (freebie.lemis.com [192.109.197.137])
	by allegro.lemis.com (8.9.1/8.9.0) with ESMTP id LAA21879;
	Mon, 2 Aug 1999 11:32:51 +0930 (CST)
Received: (from grog@localhost)
	by freebie.lemis.com (8.9.3/8.9.0) id LAA57623;
	Mon, 2 Aug 1999 11:32:51 +0930 (CST)
Date: Mon, 2 Aug 1999 11:32:51 +0930
From: Greg Lehey <grog@lemis.com>
To: Jerry Raynor <jerryr@ComCAT.COM>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Getting Hacked threough POPPER
Message-ID: <19990802113251.K64532@freebie.lemis.com>
References: <Pine.GSO.4.10.9908012140180.18639-100000@uw>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.4i
In-Reply-To: <Pine.GSO.4.10.9908012140180.18639-100000@uw>; from Jerry Raynor on Sun, Aug 01, 1999 at 09:48:09PM -0400
WWW-Home-Page: http://www.lemis.com/~grog
X-PGP-Fingerprint: 6B 7B C3 8C 61 CD 54 AF  13 24 52 F8 6D A4 95 EF
Organization: LEMIS, PO Box 460, Echunga SA 5153, Australia
Phone: +61-8-8388-8286
Fax: +61-8-8388-8725
Mobile: +61-41-739-7062
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sunday,  1 August 1999 at 21:48:09 -0400, Jerry Raynor wrote:
> I'm using Sendmail 8.9 and FreeBSD 2.2.5-R (yes I know I have to upgrade,
> I'm working on it).  I keep getting attacked through Popper and shortly
> after I see such an attack they login with a username on my system.

Oops.

> How are they doing this 

Take a look at
http://www.cert.org/advisories/CA-98.08.qpopper_vul.html, which
describes it in some detail.

> and how can I stop it!?!

Install the latest version of popper.

> I've obviously added these domain to deny them from my firewall.  Is
> there a way to prevent connection through popper?

If you're not using popper, disable it in /etc/inetd.conf.  Don't
forget to restart inetd after you do.

Greg
--
When replying to this message, please copy the original recipients.
For more information, see http://www.lemis.com/questions.html
See complete headers for address, home page and phone numbers
finger grog@lemis.com for PGP public key


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message