Date:      Mon, 24 Jun 1996 08:25:32 +0200 (MET DST)
From:      guido@gvr.win.tue.nl (Guido van Rooij)
To:        jkh@time.cdrom.com (Jordan K. Hubbard)
Cc:        hackers@freebsd.org, security@freebsd.org, ache@freebsd.org
Subject:   Re: I need help on this one - please help me track this guy down!
Message-ID:  <199606240625.IAA11793@gvr.win.tue.nl>
In-Reply-To: <7979.835575935@time.cdrom.com> from "Jordan K. Hubbard" at "Jun 23, 96 05:25:35 pm"

> A traceroute from wcarchive doesn't show me much, but if anybody can
> glean some useful information out of it I'd appreciate it.
> 
> Thanks!
> 
>  5  Helsinki2.FI.EU.net (134.222.228.45)  555.687 ms  518.720 ms  507.602 ms
>  6  StPetersburg.RU.EU.net (134.222.23.2)  549.172 ms  592.407 ms  630.928 ms
>  7  spb-2-gw.spb.su (193.124.83.66)  547.190 ms  573.518 ms  569.656 ms
>  8  hqlgu-LE.pu.ru (193.124.255.134)  519.318 ms  657.805 ms  651.496 ms
>  9  slip-0.pu.ru (193.124.85.1)  840.489 ms  671.729 ms  650.750 ms
> 10  nat.pu.ru (193.124.85.134)  638.649 ms  653.720 ms  720.170 ms
> 11  gw.pu.ru (193.124.85.219)  752.144 ms  645.046 ms  641.413 ms
> 12  localhost (127.0.0.1)  670.113 ms  702.233 ms  695.733 ms
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Do you have anti-spoof filter rules in your backbone router? If not,
install them. If so, please add packets coming in from localhost
to them. I don't know why he got in, but you can suspect rlogin plus
a localhost entry in hosts.equiv combined with source routed packets.
In general it is a bad idea to trust localhost, as this is a relative
ip address. Unless of course you either block packets coming from localhost
or block source routed packets.

-Guido
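
The two checks named in the message above (drop packets that claim a localhost source on a non-loopback interface, and drop source routed packets), as an added example that is not part of the original e-mail. The names `verdict`, `option_types` and `build_header` are hypothetical, and the sample packets are constructed from documentation address ranges.

```python
import ipaddress
import struct

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
SOURCE_ROUTE = {131: "LSRR", 137: "SSRR"}  # RFC 791 option types

def option_types(header: bytes):
    """Yield the type of each option in the options area of an IPv4 header."""
    i = 20
    while i < len(header):
        opt = header[i]
        if opt == 0:                      # End of Option List
            return
        if opt == 1:                      # No-Operation: single byte
            i += 1
            continue
        if i + 1 >= len(header) or header[i + 1] < 2:
            raise ValueError("malformed IP option")
        yield opt
        i += header[i + 1]

def verdict(packet: bytes, ingress_is_loopback: bool = False):
    """Return (action, reason) for a raw IPv4 packet received on an interface."""
    ihl = (packet[0] & 0x0F) * 4 if len(packet) >= 20 else 0
    if ihl < 20 or ihl > len(packet) or packet[0] >> 4 != 4:
        return ("drop", "malformed IPv4 header")
    if ipaddress.ip_address(packet[12:16]) in LOOPBACK and not ingress_is_loopback:
        return ("drop", "loopback source on non-loopback interface")
    try:
        for opt in option_types(packet[:ihl]):
            if opt in SOURCE_ROUTE:
                return ("drop", SOURCE_ROUTE[opt] + " source route option")
    except ValueError as exc:
        return ("drop", str(exc))
    return ("pass", "ok")

def build_header(src: str, dst: str, options: bytes = b"") -> bytes:
    """Build a constructed sample IPv4 header (checksum left as zero)."""
    options += b"\x00" * (-len(options) % 4)   # pad options to 32-bit boundary
    ihl = 5 + len(options) // 4
    fixed = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4, 0, 0, 64, 6, 0,
                        ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return fixed + options

if __name__ == "__main__":
    lsrr = bytes([131, 7, 4, 192, 0, 2, 1])    # constructed LSRR option, one hop
    for pkt in (build_header("127.0.0.1", "192.0.2.10"),
                build_header("198.51.100.7", "192.0.2.10", lsrr),
                build_header("198.51.100.7", "192.0.2.10")):
        print(verdict(pkt))
```
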


