From owner-freebsd-security  Wed Jul 22 00:02:45 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id AAA24147
          for freebsd-security-outgoing; Wed, 22 Jul 1998 00:02:45 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from trinity.radio-do.de (fn@trinity.Radio-do.de [193.101.164.3])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id AAA24136
          for <security@FreeBSD.ORG>; Wed, 22 Jul 1998 00:02:39 -0700 (PDT)
          (envelope-from fn@trinity.radio-do.de)
Received: (from fn@localhost)
	by trinity.radio-do.de (8.8.8/8.8.5/RADIO-1.1) id JAA00896;
	Wed, 22 Jul 1998 09:01:50 +0200 (CEST)
Message-ID: <19980722090149.A877@radio-do.de>
Date: Wed, 22 Jul 1998 09:01:49 +0200
From: Frank Nobis <fn@radio-do.de>
To: "Jordan K. Hubbard" <jkh@time.cdrom.com>,
        "Lee Crites (ASC)" <leec@adam.adonai.net>
Cc: Drew Derbyshire <ahd@kew.com>, security@FreeBSD.ORG
Subject: Re: hacked and don't know why
References: <Pine.BSF.3.96.980721185446.5721A-100000@adam.adonai.net> <11754.901084742@time.cdrom.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.91.1i
In-Reply-To: <11754.901084742@time.cdrom.com>; from Jordan K. Hubbard on Tue, Jul 21, 1998 at 10:19:02PM -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, Jul 21, 1998 at 10:19:02PM -0700, Jordan K. Hubbard wrote:
> > This is almost a frightening message.  We were hacked like this
> > two weeks ago.  How frequently are FreeBSD systems getting hacked
> > into?  Is there even anyone who has stats on this kind of thing?
> 
> Not frightening, just depressing because once you investigate these
> incidents you find that in 99.9% of the cases, it was down to one of
> two things:
> 
> 1. A security hole introduced through bad administration (someone
>    fumble-fingers a firewall config and now suddenly the entire net is
>    open to the outside).
> 
> 2. A well-known security hole that has been announced on Bugtrax and
>    other places but is not closed by the local admins. 

That is exactly the point. A few days after the qpopper exloit has 
been published on buqtraq, I monitored a few hack attempts at my 
gateway. Good for me that I installed the patched version of qpopper 
one day before.

Frank

-- 
 Frank Nobis                            Email: PGP AVAILABLE
 Landgrafenstr. 130                     dg3dcn   http://www.radio-do.de/~fn/
 44139 Dortmund				Powered by FreeBSD


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message