From owner-freebsd-questions Sun Sep 30 7:14:35 2001
Date: Sun, 30 Sep 2001 10:12:02 -0400
From: Louis LeBlanc
To: "questions@freebsd.org", freebsd-questions@FreeBSD.org
Subject: Re: I was rooted using telnet
Message-ID: <20010930101201.C98775@acadia.ne.mediaone.net>
References: <200109300608.f8U68gK04314@jason-n3xt.org>

On 09/30/01 01:35 PM, Jason sat at the `puter and typed:
> I personally only use ssh when I am remote. I don't think that is the
> problem. No one else has privileges on my box and I don't su remotely
> unless it's something that can't possibly wait until I get home.

How about the password? Is it a 'strong' one? How easy would it have
been to find thru brute force? I imagine you haven't seen anything on
your daily security output, or you would have mentioned that.

Lou

> ---
> Jason
> jason@jason-n3xt.org
>
> On Sun, 30 Sep 2001, Doug Reynolds wrote:
>
> > On Sun, 30 Sep 2001 00:38:38 +0000 (GMT), Jason wrote:
> >
> > >I do recall the security notice. I read it on the website and from the
> > >security list. I was already planning a cvsup at the time and I asked a
> > >couple of BSD gurus I know if that when I update my sources by cvsup,
> > >would that take care of the problem. They told me it would. So a couple
> > >of days after I saw the security advisory I cvsuped from
> > >cvsup2.FreeBSD.org (i usually only use 2 or 3) and thought the problem was
> > >taken care of. I don't recall seeing any other advisories.
> >
> > the only thing i can think of is if they hacked u, they probably
> > grabbed your root password and logged on with it. _always_ ssh when
> > you su
> >
> > >
> > >> Were you running a ver of FreeBSD prior to July 23, 2001? Versions prior
> > >> to July 23 had a remotely rootable telnetd as per
> > >> ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:49.telnetd.v1.1.asc
> > >>
> > >> On Sat, 29 Sep 2001, Jason wrote:
> > >>
> > >> > Hello:
> > >> >
> > >> > A couple of days ago I was rooted by someone using a telnet exploit. I
> > >> > have been cvsup'ing my sources regularly and was using 4.4-RC at the
> > >> > time. I've since moved to 4.4-STABLE. It looks like they used some kind
> > >> > of script. I still have it if anyone wants it. Since then I have turned
> > >> > off telnet in inetd and blocked the port with a firewall.
> > >> >
> > >> > Anyone have any ideas on how a person could do this? It looks like this
> > >> > script just tries to move a lot of data for a long period of time.
> > >> >
> > >> > ---
> > >> > Jason
> > >> > jason@jason-n3xt.org
> > >> >
> > >> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > >> > with "unsubscribe freebsd-questions" in the body of the message
> >
> > ---
> > doug reynolds | the maverick | mav@wastegate.net

--
Louis LeBlanc               leblanc@acadia.ne.mediaone.net
Fully Funded Hobbyist, KeySlapper Extraordinaire :)
http://acadia.ne.mediaone.net

Computer, n.:
  An electronic entity which performs sequences of useful steps in a
  totally understandable, rigorously logical manner. If you believe
  this, see me about a bridge I have for sale in Manhattan.