From owner-freebsd-security  Fri Dec  1  7:49:48 2000
Delivered-To: freebsd-security@freebsd.org
Received: from joe.pythonvideo.com (joe.pythonvideo.com [209.226.29.94])
	by hub.freebsd.org (Postfix) with ESMTP id 288C437B401
	for <freebsd-security@FreeBSD.ORG>; Fri,  1 Dec 2000 07:49:45 -0800 (PST)
Received: from localhost (joe@localhost)
	by joe.pythonvideo.com (8.11.1/8.11.0) with ESMTP id eB1FmtW02350;
	Fri, 1 Dec 2000 10:48:55 -0500 (EST)
	(envelope-from joe@advancewebhosting.com)
X-Authentication-Warning: joe.pythonvideo.com: joe owned process doing -bs
Date: Fri, 1 Dec 2000 10:48:55 -0500 (EST)
From: Joe Oliveiro <joe@advancewebhosting.com>
X-Sender: joe@joe.pythonvideo.com
To: Marc Rassbach <marc@milestonerdl.com>
Cc: Nevermind <never@nevermind.kiev.ua>,
	Matjaz Martincic <matjaz.martincic@hermes.si>,
	freebsd-security@FreeBSD.ORG
Subject: Re: Move along, nothing to see here.  Re: Important!! Vulnerability
 in standard ftpd
In-Reply-To: <Pine.BSF.4.21.0012010902490.16738-100000@tandem.milestonerdl.com>
Message-ID: <Pine.BSF.4.21.0012011048510.2347-100000@joe.pythonvideo.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Very well said!

FreeBSD - The BEST upgrade you can do to NT!

On Fri, 1 Dec 2000, Marc Rassbach wrote:

> 
> 
> On Fri, 1 Dec 2000, Nevermind wrote:
> 
> > No, I had only trusted non-anonymous ftp accounts. And sure, very-trusted shell
> > accounts. All of them have full sudo, but all of us were using only ssh,
> > telnetd was closed, noone accessed to non-anonymous ftp from outside network.
> 
> The Accounts and these people may all have been trusted.  But what about
> the people who knew the people with the access?
> 
> Could THEY be trusted?
> 
> Did one of them use the same password on all machines, and therefore had a
> valid password from a non-trustable system?
> 
> Unless you have logs of all commands/keystrokes of your remote users,
> stored on a seperate machine, you don't know if the break-in happened by
> one of your remote users ID's.
> 
> If you can provide documentation to the break-in, good.  If you
> have a script (either printed directions or an actual automated
> script) that does the break in, great.  I'm positive Kris would love to
> see it.  If all you can do is hand-wave and talk in vague generalities,
> then please don't post as "Important!! Vulnerability in standard ftpd" try
> something like "Did they use ftpd to break in?" or "I had a break
> in....would someone help me figure out what happned" or "Someone was
> messing with my ftp setup...I could use some help."  I'm sure your break
> in was real, and raised your blood pressure, but your alarmist style of
> post raised the blood pressure of many sysadmins today.  Consider their
> health....all that caffeine and sugar combined with a spike in blood
> pressure will kill them.
> 
> 
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message