Date:      Tue, 22 May 2001 14:40:33 -0400
From:      "Mike" <wacky@blinx.net>
To:        "Chojin" <chojin@nerim.net>, <freebsd-security@FreeBSD.ORG>
Cc:        <security-officer@FreeBSD.org>
Subject:   Is there a ftp vuln in 4.3-STABLE
Message-ID:  <003601c0e2ee$b006bfa0$0700a8c0@com.home.com>
References:  <Pine.BSF.4.21.0105221226100.202-100000@portal.none.ua> <005301c0e2b7$8a4a6dc0$0245a8c0@chojin>

Hi,
    My webhosting server, I believe, recently got hacked. I logged in via ftp
using FreeBSD 4.3-stable stock ftpd and it went directly to /usr/home/ftp,
and I will paste below what it has. I updated from 4.2-stable to 4.3-stable
after the glob() patch came out. So I don't believe that it's because of the
glob vuln.

.010512105058p
010513050858p
010515163904p
010515163907p
010520053658p
010520053659p
010520053700p
010520053701p
010520053702p
010520053709p
1mbtest.ptf
frdfakAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA)?P??P??)?P?fish)?
f?IF1?V?I???1?V??PTPTS?;P??
pufpafAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA)?P??P??)?P?fish)?
f?IF1?V?I???1?V??PTPTS?;P??
???? Tagged By Wizardz Fxp ????

-Mike
-Blinx Networks
----- Original Message -----
From: "Chojin" <chojin@nerim.net>
To: <freebsd-security@FreeBSD.ORG>
Sent: Tuesday, May 22, 2001 8:05 AM
Subject: IPF Rule problem


> In my rules I put this:
> pass out quick proto tcp from any to any keep state
> pass out quick proto udp from any to any keep state
> pass out quick proto icmp from any to any keep state
> block out quick all
>
> (123.123.123.123 is an example)
> pass in quick proto tcp from any to any port = 23 keep state
> ...
> block in log quick all
>
> When I use telnet -s 192.168.69.1 123.123.123.123 it works
> telnet -s 127.0.0.1 123.123.123.123 works too
> telnet -s 123.123.123.123 123.123.123.123  doesn't work
>
> Why ?
>
> Regards.
>
> Chojin
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

