Date: Mon, 28 Jul 1997 16:15:13 -0700 (PDT)
From: Vincent Poy <vince@mail.MCESTATE.COM>
To: "Jordan K. Hubbard" <jkh@time.cdrom.com>
Cc: security@FreeBSD.ORG, "[Mario1-]" <mario1@PrimeNet.Com>, JbHunt <johnnyu@accessus.net>
Subject: Re: security hole in FreeBSD
Message-ID: <Pine.BSF.3.95.970728161113.3844t-100000@mail.MCESTATE.COM>
In-Reply-To: <4908.870127835@time.cdrom.com>

On Mon, 28 Jul 1997, Jordan K. Hubbard wrote:

=)I think you are describing the symptom, not the problem.
=)
=)This looks very much like a system which was broken into and then
=)trojan'd to allow easier, more invisible access.  How do you know,
=)for example, that your telnetd is really telnetd?  Did you verify that? ;)

	Well, because I connect to the system using telnet ;)  Also, this
guy has been known to break into machines (theca@wil-de7-10.ix.netcom.com).
This is the person who also hacked irc.hardlink.com.  I think this person
goes around hacking machine after machine, and nobody does anything about it.

=)Also, I'd check that inetd.conf file again and make _really sure_ you
=)haven't left remote shell access enabled - a lot of people miss that
=)because it's not explicitly labelled "rlogin" like they might expect.

	I checked and disabled everything except telnetd in /etc/inetd.conf
and rebooted the machine, and then he kicked all of us who are admins out
and shut down the system.

Cheers,
Vince - vince@MCESTATE.COM - vince@GAIANET.NET           ________   __ ____
Unix Networking Operations - FreeBSD-Real Unix for Free / / / / |  / |[__  ]
GaiaNet Corporation - M & C Estate                     / / / /  | /  | __] ]
Beverly Hills, California USA 90210                   / / / / / |/ / | __] ]
HongKong Stars/Gravis UltraSound Mailing Lists Admin /_/_/_/_/|___/|_|[____]
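
The two checks raised in the quoted advice (what inetd.conf really enables, and which binaries would then need verifying), as an added example that is not part of the original message or of FreeBSD. The function names, the default allow list and the sample file are assumptions constructed for illustration.

```python
# Added example: list what an inetd.conf actually enables and flag r-services.
# SAMPLE is constructed for illustration; it is not the poster's file.
R_SERVICES = {  # inetd service name -> daemon that answers it
    "shell": "rshd (rsh/rcp)",
    "login": "rlogind (rlogin)",
    "exec": "rexecd (rexec)",
}

SAMPLE = """\
#ftp    stream tcp nowait root /usr/libexec/ftpd    ftpd -l
telnet  stream tcp nowait root /usr/libexec/telnetd telnetd
shell   stream tcp nowait root /usr/libexec/rshd    rshd
#login  stream tcp nowait root /usr/libexec/rlogind rlogind
"""

def enabled_services(text):
    """Return one dict per active (uncommented) inetd.conf entry."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or disabled entry
        f = line.split()
        # service, socket type, protocol, wait flag, user, program, args...
        program = f[5] if len(f) >= 6 else None
        entries.append({"line": lineno, "service": f[0], "program": program})
    return entries

def audit(text, allowed=("telnet",)):
    """Flag r-services, malformed lines and anything outside the allow list."""
    findings = []
    for e in enabled_services(text):
        name = e["service"]
        if e["program"] is None:
            findings.append((e["line"], name, "malformed entry, review by hand"))
        elif name in R_SERVICES:
            findings.append((e["line"], name, "remote shell access via " + R_SERVICES[name]))
        elif name not in allowed:
            findings.append((e["line"], name, "enabled but not in the allow list"))
    return findings

def programs_to_verify(text):
    """Binaries inetd will run; compare each against a known-good copy."""
    progs = {e["program"] for e in enabled_services(text)}
    return sorted(p for p in progs if p and p != "internal")

if __name__ == "__main__":
    for line, name, why in audit(SAMPLE):
        print(f"line {line}: {name}: {why}")
    print("verify:", ", ".join(programs_to_verify(SAMPLE)))
```

On a host that may already be compromised, run the comparison from known-good media, since local tools and binaries cannot be trusted.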