Date: Mon, 6 May 2002 13:25:03 -0700
From: Kris Kennaway <kris@obsecurity.org>
To: "Dylan A. Reinhold" <Dylan@ocnetworking.com>
Cc: security@freebsd.org
Subject: Re: Telent Exploit
Message-ID: <20020506132502.D59402@xor.obsecurity.org>
In-Reply-To: <3CD6D3A2.1CC77A9B@ocnetworking.com>; from Dylan@ocnetworking.com on Mon, May 06, 2002 at 12:04:02PM -0700
References: <3CD6D3A2.1CC77A9B@ocnetworking.com>

On Mon, May 06, 2002 at 12:04:02PM -0700, Dylan A. Reinhold wrote:
> I think I just got hit with a telnet exploit. I noticed some network
> activity on my cable modem, Logged in my gateway ran 'w' no one else but
>
> ran 'top' I had telnetd running, in my security logs I found this:
>
> May 5 16:27:45 cx17105-b /kernel: ipfw: 4000 Accept TCP
> 211.234.111.226:58981 68**.**.**:23 in via ep0
> May 5 16:27:46 cx17105-b /kernel: ipfw: 4000 Accept TCP
> 211.234.111.226:59085 68.**.**.**:23 in via ep0
> May 5 16:27:47 cx17105-b /kernel: ipfw: 4000 Accept TCP
> 211.234.111.226:59086 **.**.**:23 in via ep0
>
> I'm running stable what gives???? The worst part was I only had Telnet
> enabled for 3 hours....

Why do you think you were exploited? The above only shows people
connecting to the port. If you don't want people doing that, don't
allow them to.

Kris
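
The distinction drawn in the reply, as an added example that is not part of the original message or of FreeBSD: a Python parser for ipfw log lines in the layout quoted above that reports which sources had inbound packets to port 23 passed by the filter, and by which rule. The sample lines, host name, addresses and the Deny rule number are constructed, and the function names are hypothetical; an Accept record shows only that the firewall let the packet through.

```python
import re
from collections import defaultdict

# Field layout taken from the ipfw log lines quoted in the message; the
# destination pattern allows '*' so hand-masked addresses still parse.
IPFW_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.*]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)

# Constructed sample lines using documentation addresses (not the poster's logs).
SAMPLE = """\
May  5 16:27:45 gw /kernel: ipfw: 4000 Accept TCP 203.0.113.7:58981 192.0.2.10:23 in via ep0
May  5 16:27:46 gw /kernel: ipfw: 4000 Accept TCP 203.0.113.7:59085 192.0.2.10:23 in via ep0
May  5 16:30:02 gw /kernel: ipfw: 4000 Accept TCP 198.51.100.4:40112 192.0.2.10:22 in via ep0
May  5 16:31:10 gw /kernel: ipfw: 5000 Deny TCP 198.51.100.9:40200 192.0.2.10:23 in via ep0
May  5 16:31:11 gw sshd[311]: unrelated line that is not an ipfw record
""".splitlines()


def parse_ipfw_line(line):
    """Return the fields of one ipfw log record, or None for any other line."""
    m = IPFW_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("rule", "sport", "dport"):
        rec[key] = int(rec[key])
    return rec


def inbound_accepts(lines, dport=23):
    """Map source IP -> rule numbers and source ports of accepted inbound packets.

    An entry means only that the filter passed the packet, nothing about logins.
    """
    seen = defaultdict(lambda: {"rules": set(), "sports": set()})
    for line in lines:
        rec = parse_ipfw_line(line)
        if rec and rec["action"] == "Accept" and rec["dir"] == "in" and rec["dport"] == dport:
            seen[rec["src"]]["rules"].add(rec["rule"])
            seen[rec["src"]]["sports"].add(rec["sport"])
    return dict(seen)


if __name__ == "__main__":
    for src, info in sorted(inbound_accepts(SAMPLE).items()):
        print(f"{src}: {len(info['sports'])} connection(s) passed by rule(s) {sorted(info['rules'])}")
```

The rule number in the output identifies which firewall rule to tighten or remove if the port should not be reachable at all.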