From owner-freebsd-questions Sat Sep 29 23:08:48 2001
From: "Doug Reynolds"
To: "FreeBSD", "Jason"
Cc: "questions@freebsd.org"
Date: Sun, 30 Sep 2001 02:08:13 -0400
Subject: Re: I was rooted using telnet
Message-Id: <20010930060843.C78C137B407@hub.freebsd.org>

On Sun, 30 Sep 2001 00:38:38 +0000 (GMT), Jason wrote:

>I do recall the security notice. I read it on the website and from the
>security list. I was already planning a cvsup at the time and I asked a
>couple of BSD gurus I know if that when I update my sources by cvsup,
>would that take care of the problem. They told me it would. So a couple
>of days after I saw the security advisory I cvsuped from
>cvsup2.FreeBSD.org (I usually only use 2 or 3) and thought the problem was
>taken care of. I don't recall seeing any other advisories.

The only thing I can think of is if they hacked you, they probably grabbed
your root password and logged on with it. _always_ ssh when you su

>> Were you running a ver of FreeBSD prior to July 23, 2001? Versions prior
>> to July 23 had a remotely rootable telnetd as per
>> ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:49.telnetd.v1.1.asc
>>
>> On Sat, 29 Sep 2001, Jason wrote:
>>
>> > Hello:
>> >
>> > A couple of days ago I was rooted by someone using a telnet exploit. I
>> > have been cvsup'ing my sources regularly and was using 4.4-RC at the
>> > time. I've since moved to 4.4-STABLE. It looks like they used some kind
>> > of script. I still have it if anyone wants it. Since then I have turned
>> > off telnet in inetd and blocked the port with a firewall.
>> >
>> > Anyone have any ideas on how a person could do this? It looks like this
>> > script just tries to move a lot of data for a long period of time.
>> >
>> > ---
>> > Jason
>> > jason@jason-n3xt.org
>> >
>> >
>> > To Unsubscribe: send mail to majordomo@FreeBSD.org
>> > with "unsubscribe freebsd-questions" in the body of the message

---
doug reynolds | the maverick | mav@wastegate.net