Date: Sun, 30 Sep 2001 10:12:02 -0400 From: Louis LeBlanc <leblanc+freebsd@acadia.ne.mediaone.net> To: "questions@freebsd.org" <questions@FreeBSD.org>, freebsd-questions@FreeBSD.org Subject: Re: I was rooted using telnet Message-ID: <20010930101201.C98775@acadia.ne.mediaone.net> In-Reply-To: <Pine.BSF.4.21.0109301334390.6584-100000@jason-n3xt.org> References: <200109300608.f8U68gK04314@jason-n3xt.org> <Pine.BSF.4.21.0109301334390.6584-100000@jason-n3xt.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 09/30/01 01:35 PM, Jason sat at the `puter and typed: > I personally only use ssh when I am remote. I don't think that is the > problem. No one else has privileges on my box and I don't su remotely > unless it's something that can't possibly wait until I get home. How about the password? Is it a 'strong' one? How easy would it have been to find thru brute force? I imagine you haven't seen anything on your daily security output, or you would have mentioned that. Lou > --- > Jason > jason@jason-n3xt.org > > On Sun, 30 Sep 2001, Doug Reynolds wrote: > > > On Sun, 30 Sep 2001 00:38:38 +0000 (GMT), Jason wrote: > > > > >I do recall the security notice. I read it on the website and from the > > >security list. I was already planning a cvsup at the time and I asked a > > >couple of BSD gurus I know if that when I update my sources by cvsup, > > >would that take care of the problem. They told me it would. So a couple > > >of days after I saw the security advisory I cvsuped from > > >cvsup2.FreeBSD.org (i usually only use 2 or 3) and thought the problem was > > >taken care of. I don't recall seeing any other advisories. > > > > the only thing i can think of is if they hacked u, they probably > > grabbed your root password and logged on with it. _always_ ssh when > > you su > > > > > > > > > > >> Were you running a ver of FreeBSD prior to July 23, 2001? Versions prior > > >> to July 23 had a remotely rootable telnetd as per > > >> ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:49.telnetd.v1.1.asc > > >> > > >> On Sat, 29 Sep 2001, Jason wrote: > > >> > > >> > Hello: > > >> > > > >> > A couple of days ago I was rooted by someone using a telnet exploit. I > > >> > have been cvsup'ing my sources regularly and was using 4.4-RC at the > > >> > time. I've since moved to 4.4-STABLE. It looks like they used some kind > > >> > of script. I still have it if anyone wants it. Since then I have turned > > >> > off telnet in inetd and blocked the port with a firewall. > > >> > > > >> > Anyone have any ideas on how a person could do this? I looks like this > > >> > script just tries to move a lot of data for a long period of time. > > >> > > > >> > --- > > >> > Jason > > >> > jason@jason-n3xt.org > > >> > > > >> > > > >> > To Unsubscribe: send mail to majordomo@FreeBSD.org > > >> > with "unsubscribe freebsd-questions" in the body of the message > > >> > > > >> > > > >> > > > >> > > >> > > > > > > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org > > >with "unsubscribe freebsd-questions" in the body of the message > > > > > > > --- > > doug reynolds | the maverick | mav@wastegate.net > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > -- Louis LeBlanc leblanc@acadia.ne.mediaone.net Fully Funded Hobbyist, KeySlapper Extrordinaire :) http://acadia.ne.mediaone.net ԿԬ Computer, n.: An electronic entity which performs sequences of useful steps in a totally understandable, rigorously logical manner. If you believe this, see me about a bridge I have for sale in Manhattan. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010930101201.C98775>