From: FreeBSD
To: Jason
Date: Sat, 29 Sep 2001 16:19:26 -0600 (MDT)
Subject: Re: I was rooted using telnet
Message-ID: <20010929161826.H54382-100000@Amber.XtremeDev.com>
Sender: owner-freebsd-questions@FreeBSD.ORG

Were you running a ver of FreeBSD prior to July 23, 2001? Versions prior
to July 23 had a remotely rootable telnetd as per
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:49.telnetd.v1.1.asc

On Sat, 29 Sep 2001, Jason wrote:

> Hello:
>
> A couple of days ago I was rooted by someone using a telnet exploit. I
> have been cvsup'ing my sources regularly and was using 4.4-RC at the
> time. I've since moved to 4.4-STABLE. It looks like they used some kind
> of script. I still have it if anyone wants it. Since then I have turned
> off telnet in inetd and blocked the port with a firewall.
>
> Anyone have any ideas on how a person could do this? It looks like this
> script just tries to move a lot of data for a long period of time.
>
> ---
> Jason
> jason@jason-n3xt.org