Date: Fri, 1 Dec 2000 10:48:55 -0500 (EST)
From: Joe Oliveiro <joe@advancewebhosting.com>
To: Marc Rassbach <marc@milestonerdl.com>
Cc: Nevermind <never@nevermind.kiev.ua>, Matjaz Martincic <matjaz.martincic@hermes.si>, freebsd-security@FreeBSD.ORG
Subject: Re: Move along, nothing to see here. Re: Important!! Vulnerability in standard ftpd
Message-ID: <Pine.BSF.4.21.0012011048510.2347-100000@joe.pythonvideo.com>
In-Reply-To: <Pine.BSF.4.21.0012010902490.16738-100000@tandem.milestonerdl.com>

Very well said!

FreeBSD - The BEST upgrade you can do to NT!

On Fri, 1 Dec 2000, Marc Rassbach wrote:

> On Fri, 1 Dec 2000, Nevermind wrote:
>
> > No, I had only trusted non-anonymous ftp accounts. And sure, very-trusted shell
> > accounts. All of them have full sudo, but all of us were using only ssh,
> > telnetd was closed, no one accessed to non-anonymous ftp from outside network.
>
> The Accounts and these people may all have been trusted. But what about
> the people who knew the people with the access?
>
> Could THEY be trusted?
>
> Did one of them use the same password on all machines, and therefore had a
> valid password from a non-trustable system?
>
> Unless you have logs of all commands/keystrokes of your remote users,
> stored on a separate machine, you don't know if the break-in happened by
> one of your remote users' IDs.
>
> If you can provide documentation to the break-in, good. If you
> have a script (either printed directions or an actual automated
> script) that does the break in, great. I'm positive Kris would love to
> see it. If all you can do is hand-wave and talk in vague generalities,
> then please don't post as "Important!! Vulnerability in standard ftpd" try
> something like "Did they use ftpd to break in?" or "I had a break
> in....would someone help me figure out what happened" or "Someone was
> messing with my ftp setup...I could use some help." I'm sure your break
> in was real, and raised your blood pressure, but your alarmist style of
> post raised the blood pressure of many sysadmins today. Consider their
> health....all that caffeine and sugar combined with a spike in blood
> pressure will kill them.
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message