Date:      Fri, 1 Dec 2000 09:16:16 -0600 (CST)
From:      Marc Rassbach <marc@milestonerdl.com>
To:        Nevermind <never@nevermind.kiev.ua>
Cc:        Matjaz Martincic <matjaz.martincic@hermes.si>, freebsd-security@FreeBSD.ORG
Subject:   Move along, nothing to see here.  Re: Important!! Vulnerability in standard ftpd
Message-ID:  <Pine.BSF.4.21.0012010902490.16738-100000@tandem.milestonerdl.com>
In-Reply-To: <20001201124713.K2185@nevermind.kiev.ua>



On Fri, 1 Dec 2000, Nevermind wrote:

> No, I had only trusted non-anonymous ftp accounts. And sure, very-trusted shell
> accounts. All of them have full sudo, but all of us were using only ssh,
> telnetd was closed, no one accessed non-anonymous ftp from outside network.

The Accounts and these people may all have been trusted.  But what about
the people who knew the people with the access?

Could THEY be trusted?

Did one of them use the same password on all machines, and therefore had a
valid password from a non-trustable system?

Unless you have logs of all commands/keystrokes of your remote users,
stored on a separate machine, you don't know if the break-in happened by
one of your remote users' IDs.

If you can provide documentation to the break-in, good.  If you
have a script (either printed directions or an actual automated
script) that does the break in, great.  I'm positive Kris would love to
see it.  If all you can do is hand-wave and talk in vague generalities,
then please don't post as "Important!! Vulnerability in standard ftpd"; try
something like "Did they use ftpd to break in?" or "I had a break
in....would someone help me figure out what happened" or "Someone was
messing with my ftp setup...I could use some help."  I'm sure your break
in was real, and raised your blood pressure, but your alarmist style of
post raised the blood pressure of many sysadmins today.  Consider their
health....all that caffeine and sugar combined with a spike in blood
pressure will kill them.








