From owner-freebsd-security Mon May 6 14: 2:28 2002
Delivered-To: freebsd-security@freebsd.org
Received: from koibito.iisc.com (koibito.iisc.com [198.5.5.5]) by hub.freebsd.org (Postfix) with ESMTP id 5240937B430 for ; Mon, 6 May 2002 14:02:22 -0700 (PDT)
Received: from koibito.iisc.com ([127.0.0.1]) by koibito.iisc.com (8.9.0/8.9.0) with ESMTP id RAA22182 for ; Mon, 6 May 2002 17:02:21 -0400 (EDT)
Message-Id: <200205062102.RAA22182@koibito.iisc.com>
To: security@FreeBSD.ORG
Subject: Re: Telnet Exploit
In-Reply-To: Your message of "Mon, 06 May 2002 13:25:03 PDT." <20020506132502.D59402@xor.obsecurity.org>
Date: Mon, 06 May 2002 17:02:20 -0400
From: "Charles M. Richmond"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

> > May 5 16:27:45 cx17105-b /kernel: ipfw: 4000 Accept TCP
> > 211.234.111.226:58981 68**.**.**:23 in via ep0
> > May 5 16:27:46 cx17105-b /kernel: ipfw: 4000 Accept TCP
> > 211.234.111.226:59085 68.**.**.**:23 in via ep0
> > May 5 16:27:47 cx17105-b /kernel: ipfw: 4000 Accept TCP
> > 211.234.111.226:59086 **.**.**:23 in via ep0
> >
> > I'm running stable what gives???? The worst part was I only had Telnet
> > enabled for 3 hours....

> Why do you think you were exploited? The above only shows people
> connecting to the port. If you don't want people doing that, don't
> allow them to.

Maybe he was and maybe he wasn't exploited, but 211.234.xxx.xxx is a block of addresses in Korea that are used by so many spammers that we block out the entire range. It is likely that someone was looking for a machine to hijack for spam generation.

Charles
***********************************************************************
* Charles Richmond Integrated International Systems Corporation *
* cmr@iisc.com cmr@acm.org cmr@shore.net http://www.iisc.com *
* UNIX Internals, I18N, L10N, X, Realtime Imaging, and Custom S/W *
* 131 Bishop's Forest Drive , Waltham , Ma. USA 02452 *
* (781) 647 2269 FAX (781) 647 3665 Cellular (781) 389 9777 *
***********************************************************************

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
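
An added example, not part of the thread and not written by any of the posters: a small Python parser for ipfw log lines in the format quoted above, tallying accepted inbound connections to port 23 per source host and per /16 so that a noisy address block stands out. The sample log is constructed (192.0.2.10 and 203.0.113.7 are placeholder addresses), the function names are hypothetical, and lines with asterisk-masked addresses like those in the post would not match the pattern.

```python
import re
from collections import Counter
from ipaddress import ip_network

# Constructed sample lines in the format quoted in the thread; the
# destination 192.0.2.10 and the 203.0.113.7 source are placeholders.
SAMPLE_LOG = """\
May  5 16:27:45 host /kernel: ipfw: 4000 Accept TCP 211.234.111.226:58981 192.0.2.10:23 in via ep0
May  5 16:27:46 host /kernel: ipfw: 4000 Accept TCP 211.234.111.226:59085 192.0.2.10:23 in via ep0
May  5 16:27:47 host /kernel: ipfw: 4000 Accept TCP 211.234.111.226:59086 192.0.2.10:23 in via ep0
May  5 16:30:02 host /kernel: ipfw: 4000 Accept TCP 203.0.113.7:40112 192.0.2.10:23 in via ep0
May  5 16:31:10 host /kernel: ipfw: 65000 Deny TCP 203.0.113.7:40113 192.0.2.10:25 in via ep0
May  5 16:31:11 host sshd[311]: unrelated line that must be skipped
"""

LINE_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)

def parse(text):
    """Yield one dict per ipfw TCP/UDP log line; skip anything else."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.groupdict()

def telnet_sources(text, prefix_len=16):
    """Count accepted inbound port-23 connections per source and per network."""
    per_host, per_net = Counter(), Counter()
    for e in parse(text):
        if e["action"] == "Accept" and e["dir"] == "in" and e["dport"] == "23":
            per_host[e["src"]] += 1
            net = ip_network(f'{e["src"]}/{prefix_len}', strict=False)
            per_net[str(net)] += 1
    return per_host, per_net

if __name__ == "__main__":
    hosts, nets = telnet_sources(SAMPLE_LOG)
    for net, n in nets.most_common():
        print(f"{net}: {n} accepted telnet connections")
```

The counts describe packets that matched an Accept rule, nothing more; whether any session got past the login prompt has to come from other logs on the host.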