From owner-freebsd-stable Thu Jul 27 9:53:59 2000
Delivered-To: freebsd-stable@freebsd.org
Received: from fw.wintelcom.net (ns1.wintelcom.net [209.1.153.20])
	by hub.freebsd.org (Postfix) with ESMTP
	id 3115A37C1C9; Thu, 27 Jul 2000 09:53:42 -0700 (PDT)
	(envelope-from bright@fw.wintelcom.net)
Received: (from bright@localhost)
	by fw.wintelcom.net (8.10.0/8.10.0) id e6RGrUn25046;
	Thu, 27 Jul 2000 09:53:30 -0700 (PDT)
Date: Thu, 27 Jul 2000 09:53:30 -0700
From: Alfred Perlstein
To: npd@el.com.br
Cc: freebsd-stable@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG
Subject: Re: Auth service sequencial probe.
Message-ID: <20000727095330.Y17222@fw.wintelcom.net>
References: <39804D5D.B6634FB0@el.com.br>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.4i
In-Reply-To: <39804D5D.B6634FB0@el.com.br>; from g-paiva@el.com.br on Thu, Jul 27, 2000 at 11:55:25AM -0300
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

* Gilson de Paiva [000727 07:53] wrote:
> Hi,
> Does anybody know any exploit or weakness of FreeBSD's auth service?
> This is ( a part of ) log message generated by a ipfw rule denying any setup connection to
> my external ip ( ipfw add deny log logamount 500 tcp from any to any in via ${oif} setup
> ).
> The interesting fact is that no other service was probed, meaning that this was the
> service trying to be contacted, not a nmap or other scan.
>
> [...]
> ipfw: 900 Deny TCP 200.242.x.xxx:4744 x.x.x.x:113 in via ep1
> ipfw: 900 Deny TCP 200.242.x.xxx:4744 x.x.x.x:113 in via ep1
> ipfw: 900 Deny TCP 200.242.x.xxx:4744 x.x.x.x:113 in via ep1
> ipfw: 900 Deny TCP 200.242.x.xxx:4744 x.x.x.x:113 in via ep1
> ipfw: 900 Deny TCP 200.242.x.xxx:4744 x.x.x.x:113 in via ep1
> [ that keeps for a while ...]
>
> Any ideas?

Identd vulnerabilities are _really_ old.

More likely you're seeing that ident is checked by a lot of services
nowadays, if you contact an SMTP server directly it should come
back and attempt to ident you.

And please do not cross post, if you think it belongs on -questions,
then that's the only place you should post it.

thanks,
-Alfred
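As an added example (not part of the original thread), one way to triage ipfw deny logs like the ones quoted above: group the denied SYNs by source and separate a single connection being retried to port 113 from a multi-port probe. The regular expression follows the log format shown in the message; the `192.0.2.7` lines, the function names and the `scan_ports` threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Log format as quoted in the thread:
#   ipfw: <rule> Deny TCP <src>:<sport> <dst>:<dport> in via <iface>
# \S+ is used for addresses so the masked ones from the thread still parse.
LINE = re.compile(
    r"ipfw: (?P<rule>\d+) Deny TCP (?P<src>\S+):(?P<sport>\d+) "
    r"(?P<dst>\S+):(?P<dport>\d+) in via (?P<ifc>\S+)"
)

def summarize(lines):
    """Per source host: hit count, source ports seen, destination ports seen."""
    stats = defaultdict(lambda: {"hits": 0, "sports": set(), "dports": set()})
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # not an ipfw TCP deny line
        entry = stats[m["src"]]
        entry["hits"] += 1
        entry["sports"].add(int(m["sport"]))
        entry["dports"].add(int(m["dport"]))
    return stats

def classify(entry, scan_ports=3):
    """scan_ports is an assumed threshold, tune it for your own traffic."""
    if len(entry["dports"]) >= scan_ports:
        return "multi-port probe"
    if entry["dports"] == {113}:
        # A dropped SYN is retransmitted from the same source port, so one
        # source port repeated many times is one connection attempt retried.
        if len(entry["sports"]) == 1:
            return "ident callback, one connection retried"
        return "ident callbacks, several connections"
    return "single-service attempts"

def triage(lines):
    return {src: classify(e) for src, e in summarize(lines).items()}

# Constructed sample: the line from the thread repeated, plus a made-up
# source (documentation address range) touching several ports.
SAMPLE = ["ipfw: 900 Deny TCP 200.242.x.xxx:4744 x.x.x.x:113 in via ep1"] * 5 + [
    f"ipfw: 900 Deny TCP 192.0.2.7:{40000 + i} x.x.x.x:{port} in via ep1"
    for i, port in enumerate((21, 22, 23, 25, 80))
]

if __name__ == "__main__":
    for src, verdict in triage(SAMPLE).items():
        print(f"{src:16} {verdict}")
```

A source that lands in the ident callback bucket is worth matching against outbound connections the host made to that address (SMTP, for instance) around the same time.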