Date: Mon, 06 May 2002 17:02:20 -0400 From: "Charles M. Richmond" <cmr@iisc.com> To: security@FreeBSD.ORG Subject: Re: Telnet Exploit Message-ID: <200205062102.RAA22182@koibito.iisc.com> In-Reply-To: Your message of "Mon, 06 May 2002 13:25:03 PDT." <20020506132502.D59402@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> > May 5 16:27:45 cx17105-b /kernel: ipfw: 4000 Accept TCP > > 211.234.111.226:58981 68**.**.**:23 in via ep0 > > May 5 16:27:46 cx17105-b /kernel: ipfw: 4000 Accept TCP > > 211.234.111.226:59085 68.**.**.**:23 in via ep0 > > May 5 16:27:47 cx17105-b /kernel: ipfw: 4000 Accept TCP > > 211.234.111.226:59086 **.**.**:23 in via ep0 > > > > Im running stable what gives???? The worst part was I only had Telnet > > enabled for 3 hours.... > Why do you think you were exploited? The above only shows people > connecting to the port. If you don't want people doing that, don't > allow them to. Maybe he was and maybe he wasn't exploited, but 211.234.xxx.xxx is a block of addresses in Korea that are used by so many spammers that we block out the entire range. It is likely that someone was looking for a machine to hijack for spam generation. Charles *********************************************************************** * Charles Richmond Integrated International Systems Corporation * * cmr@iisc.com cmr@acm.org cmr@shore.net http://www.iisc.com * * UNIX Internals, I18N, L10N, X, Realtime Imaging, and Custom S/W * * 131 Bishop's Forest Drive , Waltham , Ma. USA 02452 * * (781) 647 2269 FAX (781) 647 3665 Cellular (781) 389 9777 * *********************************************************************** To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200205062102.RAA22182>