From owner-freebsd-questions Tue Sep 21 16:39: 1 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from diablo.peritek.com (diablo.peritek.com [198.151.249.9])
	by hub.freebsd.org (Postfix) with ESMTP id 3425E15754
	for ; Tue, 21 Sep 1999 16:38:58 -0700 (PDT)
	(envelope-from ibjoe@home.com)
Received: from neptune (neptune [198.151.249.84])
	by diablo.peritek.com (8.8.7/8.8.7) with SMTP id QAA30043;
	Tue, 21 Sep 1999 16:38:54 -0700 (PDT)
X-Envelope-From: ibjoe@home.com
X-Envelope-To: freebsd-questions@freebsd.org
Message-Id: <2.2.32.19990921233851.008d4358@netmail.home.com>
X-Sender: ibjoe@netmail.home.com
X-Mailer: Windows Eudora Pro Version 2.2 (32)
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Tue, 21 Sep 1999 16:38:51 -0700
To: Ben Smithurst
From: Joe Bo
Subject: Re: is this an attack?
Cc: freebsd-questions@freebsd.org
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

At 10:19 PM 9/21/99 +0100, Ben Smithurst wrote:
>Joe Bo wrote:
>
>> Hi. I'm running FreeBSD v3.2. I have rc.firewall set
>> for "open" and in inetd.conf everything is commented out
>> except ftp, telnet, shell, login, comsat and ntalk. I
>> installed the tcpwrappers port but never configured it.
>
>I'd suggest you close telnet, shell, and login NOW and start using
>ssh. They almost certainly have nothing to do with the "attack" below,
>but it's just a good idea to use ssh rather than telnet/rsh/rlogin
>anyway.
>
>I'll let someone more experienced than I diagnose the real problem you
>had though. :-)
>
>--
>Ben Smithurst            | PGP: 0x99392F7D
>ben@scientia.demon.co.uk | key available from keyservers and
>                         | ben+pgp@scientia.demon.co.uk
>

Thanks. I have those services open for use on my internal net.
I haven't figured out yet how to disable them on my external
network card and at the same time leave them enabled on my
internal network card. I never telnet/ftp/etc over the public
network to my machine, I do have and use ssh for that.

I did get some interesting responses that weren't cc'd to the
list server. The consensus seems to be yes, it is an attack,
but a weak one using ancient security holes that were fixed
long ago. And I should report the offense to the administrator
of the attacking network, which seems to be a university, so
probably a student.

Anyway, this is my call to arms to take action about security!
Thanks to all that responded.

Joe


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message