From owner-freebsd-chat Mon Jul 27 16:01:49 1998
Message-Id: <199807272300.RAA00688@lariat.lariat.org>
Date: Mon, 27 Jul 1998 16:28:36 -0600
To: Greg Pavelcak, Dag-Erling Coidan Smørgrav
From: Brett Glass
Subject: Re: QPopper exploit
Cc: "Jan B. Koum", Dennis Reiter, chat@FreeBSD.ORG

At 06:14 PM 7/27/98 -0400, Greg Pavelcak wrote:

>> If I were a cracker, the first thing I'd try would be to scan IP
>> ranges known to belong to large ISPs' dialup servers, precisely for
>> that reason (and also because there's a much higher chance of finding
>> machines run by inexperienced or careless people there than amongst
>> permanently connected hosts)
>
>Hmm, major universities for example? (He asks through his UMass
>PPP account.)

Major universities often have LOTS of holes. Many haven't patched that Annex server problem, and a few even have *wide open* PPP connections that anyone can use if he or she knows some basic terminal server commands.

All dial-ins should be carefully firewalled against exploits. We use SLiRP running on FreeBSD, which is highly effective as a protective layer. (See, we're not such slouches on security, even if our mail server WAS hit by the QPopper exploit.)
--Brett