Date: Tue, 21 Sep 1999 16:38:51 -0700 From: Joe Bo <ibjoe@home.com> To: Ben Smithurst <ben@scientia.demon.co.uk> Cc: freebsd-questions@freebsd.org Subject: Re: is this an attack? Message-ID: <2.2.32.19990921233851.008d4358@netmail.home.com>
next in thread | raw e-mail | index | archive | help
At 10:19 PM 9/21/99 +0100, Ben Smithurst wrote: >Joe Bo wrote: > >> Hi. I'm running FreeBSD v3.2. I have rc.firewall set >> for "open" and in inetd.conf everything is commented out >> except ftp, telnet, shell, login, comsat and ntalk. I >> installed the tcpwrappers port but never configured it. > >I'd suggest you close telnet, shell, and login NOW and start using >ssh. They almost certainly have nothing to do with the "attack" below, >but it's just a good idea to use ssh rather than telnet/rsh/rlogin >anyway. > >I'll let someone more experienced than I diagnose the real problem you >had though. :-) > >-- >Ben Smithurst | PGP: 0x99392F7D >ben@scientia.demon.co.uk | key available from keyservers and > | ben+pgp@scientia.demon.co.uk > Thanks. I have those services open for use on my internal net. I haven't figured out yet how to disable them on my external network card and at the same time leave them enabled on my internal network card. I never telnet/ftp/etc over the public network to my machine, I do have and use ssh for that. I did get some interesting responses that weren't cc'd to the list server. The consensus seems to be yes, it is an attack, but a weak one using ancient security holes that were fixed long ago. And I should report the offense to the adminstrator of attacking network, which seems to be a university, so probably a student.. Anyway, this is my call to arms to take action about security! Thanks to all that responded. Joe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2.2.32.19990921233851.008d4358>