Date: Sun, 2 May 1999 01:34:36 -0700 (PDT)
From: Ben Pepa <bpepa@msn.bc.ca>
To: freebsd-questions@freebsd.org
Cc: bpepa@sd40.bc.ca
Subject: hacking attempts
Message-ID: <Pine.BSF.4.05.9905020120140.347-100000@msn.bc.ca>

Hi,

Today we had several break-ins to at least 3 servers in which a malicious person used our servers to ping of death whole networks and other attacks to other networks (not our own) and also had several irc bots running throughout the night.

My question: Is there some way to take advantage of sshd to gain access? Each time he got into our systems, he logged in as root on the first try and proceeded to use passwd to make a password on the 'toor' account which he later used as a back door to the root account once I reset the root password. As a result, I had to take three of our core FreeBSD servers offline which affected our WAN severely (the firewall server).

I contacted the ISP where the IP came from and they said someone spoofed their IP address, but is this possible? Our server log indicated that the IP it came from generated an RSA key to the server, which I thought would have to be authenticated to that IP.

If anyone has any ideas how this person keeps getting in, I'd be interested to know. The servers are all running FreeBSD 3.0-RELEASE, and all have telnet, pop3, imapd, sshd and apache running and one server is running samba, squid, and webmin.

Any input is greatly appreciated,

Ben