Date: Mon, 12 Oct 1998 18:29:21 -0600 From: Brett Glass <brett@lariat.org> To: "Leonard C." <leonardc9@usa.net>, security@FreeBSD.ORG Subject: Re: URGENT! Need help determining scope of attack... Message-ID: <4.1.19981012181921.066fe700@mail.lariat.org> In-Reply-To: <v04011702b24835d1f943@[10.0.0.2]>
next in thread | previous in thread | raw e-mail | index | archive | help
This guy could habe been trying LOTS of exploits, but the key ones are the Qualcomm QPopper hole and Back Orifice (he's searching for a server). He may have su'ed successfully to root. (What version of QPopper are you running? Telnet to Port 110 on the machine to find out if it's one that can be compromised.) The IP addresses are fairly likely to be accurate because they are in the same general range. (Those who forge IP addresses usually scatter them all over the map.) Looks like you're being hit by a kid in a dorm at UC Berkeley. Perhaps you should contact the admins there. --Brett Glass To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.1.19981012181921.066fe700>