From owner-freebsd-security  Wed Jul 22 13:27:44 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id NAA18134
          for freebsd-security-outgoing; Wed, 22 Jul 1998 13:27:44 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from ns.cityip.co.za (ns.cityip.co.za [196.25.223.140])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id NAA18083
          for <security@freebsd.org>; Wed, 22 Jul 1998 13:27:22 -0700 (PDT)
          (envelope-from wjv@cityip.co.za)
Received: from wjv by ns.cityip.co.za with local (Exim 1.82 #2)
	id 0yz5Qo-0002Pa-00; Wed, 22 Jul 1998 22:24:10 +0200
Message-ID: <19980722222410.A9261@cityip.co.za>
Date: Wed, 22 Jul 1998 22:24:10 +0200
From: Johann Visagie <wjv@cityip.co.za>
To: Drew Derbyshire <ahd@kew.com>, brett@lariat.org
Cc: security@FreeBSD.ORG
Subject: Re: hacked and don't know why
References: <199807221453.IAA03997@lariat.lariat.org> <199807221535.LAA03172@kendra.ne.mediaone.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.91.1i
In-Reply-To: <199807221535.LAA03172@kendra.ne.mediaone.net>; from Drew Derbyshire on Wed, Jul 22, 1998 at 11:35:16AM -0400
X-PGP: ftp://ftp.cityip.co.za/users/wjv/pubkey.asc
X-URL: http://www.cityip.co.za/~wjv/
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 22 Jul 1998 at 11:35 SAT, Drew Derbyshire wrote:
>
> I did not see the corruption problems reported with the other QPOP
> attack; as I noted before, the visitors to my system were surgical
> in their wanton destruction, I think they wanted me to know they
> could done worse but didn't.

In a certain sense you're lucky.  Many of these latest vulnerabilities had
pre-cooked exploits released for them.  Add mscan to the mix, and it was a
real script kiddie hackfest.  I know of a number of servers which were
fdisked.  A more "experienced" hacker would never stoop to that.  In fact,
you'd probably never even know he was there.  And he'd never leave.

-- V

Johann Visagie | Email: wjv@CityIP.co.za | Tel: +27 21 419-7878

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message