Date: Thu, 27 Jul 2000 09:53:30 -0700
From: Alfred Perlstein <bright@wintelcom.net>
To: npd@el.com.br
Cc: freebsd-stable@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG
Subject: Re: Auth service sequencial probe.
Message-ID: <20000727095330.Y17222@fw.wintelcom.net>
In-Reply-To: <39804D5D.B6634FB0@el.com.br>; from g-paiva@el.com.br on Thu, Jul 27, 2000 at 11:55:25AM -0300
References: <39804D5D.B6634FB0@el.com.br>

* Gilson de Paiva <g-paiva@el.com.br> [000727 07:53] wrote:
> Hi,
> Does anybody know any exploit or weakness of FreeBSD's auth service?
> This is ( a part of ) log message generated by an ipfw rule denying any setup connection to
> my external ip ( ipfw add deny log logamount 500 tcp from any to any in via ${oif} setup
> ).
> The interesting fact is that no other service was probed, meaning that this was the
> service trying to be contacted, not a nmap or other scan.
>
> [...]
> ipfw: 900 Deny TCP 200.242.x.xxx:4744 x.x.x.x:113 in via ep1
> ipfw: 900 Deny TCP 200.242.x.xxx:4744 x.x.x.x:113 in via ep1
> ipfw: 900 Deny TCP 200.242.x.xxx:4744 x.x.x.x:113 in via ep1
> ipfw: 900 Deny TCP 200.242.x.xxx:4744 x.x.x.x:113 in via ep1
> ipfw: 900 Deny TCP 200.242.x.xxx:4744 x.x.x.x:113 in via ep1
> [ that keeps for a while ...]
>
> Any ideas?

Identd vulnerabilities are _really_ old.

More likely you're seeing that ident is checked by a lot of services
nowadays; if you contact an SMTP server directly it should come back
and attempt to ident you.

And please do not cross-post, if you think it belongs on -questions,
then that's the only place you should post it.

thanks,
-Alfred
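
A triage sketch for the kind of ipfw log discussed in this thread, added here as an example (it is not code from either poster or from FreeBSD). It groups denied inbound SYNs by source and separates the pattern quoted above, one source port retried against port 113 only, from a source that touches many ports. The addresses in SAMPLE are constructed documentation-range values, and the names summarize, PROBE_PORTS and the threshold are assumptions.

```python
import re
from collections import defaultdict

# Matches the ipfw log format quoted in the message (masked octets allowed).
LINE = re.compile(
    r"ipfw: (?P<rule>\d+) Deny TCP "
    r"(?P<src>[\w.]+):(?P<sport>\d+) (?P<dst>[\w.]+):(?P<dport>\d+) "
    r"in via (?P<iface>\S+)"
)
IDENT_PORT = 113
PROBE_PORTS = 3  # assumption: more distinct ports than this looks like a scan


def summarize(lines):
    """Return {src: {kind, attempts, packets, dports}} for denied inbound SYNs."""
    flows = defaultdict(lambda: defaultdict(int))  # src -> (sport, dport) -> count
    for line in lines:
        m = LINE.search(line)
        if m:
            flows[m["src"]][(int(m["sport"]), int(m["dport"]))] += 1
    report = {}
    for src, seen in flows.items():
        dports = sorted({dport for _, dport in seen})
        if dports == [IDENT_PORT]:
            # "deny" drops silently, so the peer retransmits its SYN: repeats
            # with the same source port are one attempt, not many probes.
            kind = "ident-callback"
        elif len(dports) > PROBE_PORTS:
            kind = "multi-port-probe"
        else:
            kind = "other"
        report[src] = {"kind": kind, "attempts": len(seen),
                       "packets": sum(seen.values()), "dports": dports}
    return report


# Constructed sample: five retries of one ident lookup, then a port sweep.
SAMPLE = (
    ["ipfw: 900 Deny TCP 192.0.2.10:4744 198.51.100.1:113 in via ep1"] * 5
    + [f"ipfw: 900 Deny TCP 203.0.113.7:{40000 + p} 198.51.100.1:{p} in via ep1"
       for p in (21, 22, 23, 25, 80)]
)

if __name__ == "__main__":
    for src, info in summarize(SAMPLE).items():
        print(src, info)
```

An "ident-callback" result is only consistent with a remote server doing an ident lookup; confirming it means matching the timestamp against an outbound connection from your host to that address.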