Message-ID: <3CD6D3A2.1CC77A9B@ocnetworking.com>
Date: Mon, 06 May 2002 12:04:02 -0700
From: "Dylan A. Reinhold"
Organization: InterNetworking http://www.ocnetworking.com
To: security@freebsd.org
Subject: Telent Exploit
Sender: owner-freebsd-security@FreeBSD.ORG

I think I just got hit with a telnet exploit.

I noticed some network activity on my cable modem. Logged in to my gateway, ran 'w', no one else, but ran 'top', I had telnetd running. In my security logs I found this:

May 5 16:27:45 cx17105-b /kernel: ipfw: 4000 Accept TCP 211.234.111.226:58981 68**.**.**:23 in via ep0
May 5 16:27:46 cx17105-b /kernel: ipfw: 4000 Accept TCP 211.234.111.226:59085 68.**.**.**:23 in via ep0
May 5 16:27:47 cx17105-b /kernel: ipfw: 4000 Accept TCP 211.234.111.226:59086 **.**.**:23 in via ep0

I'm running stable, what gives????

The worst part was I only had Telnet enabled for 3 hours....

$uname -a
FreeBSD cx17105-b 4.5-STABLE FreeBSD 4.5-STABLE #2: Mon Apr 8 20:07:25 PDT 2002 root@cx17105-b:/usr/obj/usr/src/sys/SPUD i386

Thanks,
Dylan
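
Added example (not part of the original message): a small Python triage script for the ipfw log format quoted above, listing which sources had inbound TCP connections accepted to port 23. The lines in SAMPLE_LOG are constructed with documentation addresses, and the function names are this example's own.

```python
import re
from collections import defaultdict

# ipfw log line as quoted in the message. Addresses are matched as opaque
# tokens so masked destinations such as "68.**.**.**:23" still parse.
IPFW_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+(?P<host>\S+)\s+/kernel:\s+ipfw:\s+"
    r"(?P<rule>\d+)\s+(?P<action>\w+)\s+(?P<proto>\w+)\s+"
    r"(?P<src>\S+):(?P<sport>\d+)\s+(?P<dst>\S+):(?P<dport>\d+)\s+"
    r"(?P<dir>in|out)\s+via\s+(?P<iface>\S+)"
)

# Constructed sample input (RFC 5737 documentation addresses), not real logs.
SAMPLE_LOG = """\
May 5 16:27:45 gw /kernel: ipfw: 4000 Accept TCP 192.0.2.10:58981 203.0.113.5:23 in via ep0
May 5 16:27:46 gw /kernel: ipfw: 4000 Accept TCP 192.0.2.10:59085 203.**.**.**:23 in via ep0
May 5 16:27:47 gw /kernel: ipfw: 4000 Accept TCP 192.0.2.10:59086 203.0.113.5:23 in via ep0
May 5 16:30:02 gw /kernel: ipfw: 4000 Accept TCP 198.51.100.7:40112 203.0.113.5:22 in via ep0
May 5 16:31:10 gw /kernel: ipfw: 5000 Deny TCP 198.51.100.7:40200 203.0.113.5:23 in via ep0
May 5 16:31:11 gw sshd[311]: unrelated line that is not ipfw output
"""

def parse_ipfw(line):
    """Return the fields of one ipfw log line, or None for other lines."""
    m = IPFW_RE.match(line)
    return m.groupdict() if m else None

def accepted_inbound(log_text, port=23):
    """Map source IP -> [(timestamp, rule)] for inbound TCP accepted on port."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_ipfw(line)
        if rec is None:
            continue
        if (rec["action"] == "Accept" and rec["proto"] == "TCP"
                and rec["dir"] == "in" and int(rec["dport"]) == port):
            hits[rec["src"]].append((rec["ts"], rec["rule"]))
    return dict(hits)

def summarize(hits):
    """Rows of (source, count, first seen, last seen, rules), busiest first."""
    rows = [(src, len(ev), ev[0][0], ev[-1][0], sorted({r for _, r in ev}))
            for src, ev in hits.items()]
    return sorted(rows, key=lambda row: -row[1])

if __name__ == "__main__":
    for src, n, first, last, rules in summarize(accepted_inbound(SAMPLE_LOG)):
        print(f"{src}: {n} accepted telnet connections, {first} to {last}, rules {rules}")
```

An Accept entry only shows that the firewall rule passed the packet to the listener; whether a login followed has to be checked in the telnetd and login records.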