Date: Tue, 22 May 2001 14:40:33 -0400 From: "Mike" <wacky@blinx.net> To: "Chojin" <chojin@nerim.net>, <freebsd-security@FreeBSD.ORG> Cc: <security-officer@FreeBSD.org> Subject: Is there a ftp vuln in 4.3-STABLE Message-ID: <003601c0e2ee$b006bfa0$0700a8c0@com.home.com> References: <Pine.BSF.4.21.0105221226100.202-100000@portal.none.ua> <005301c0e2b7$8a4a6dc0$0245a8c0@chojin>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, My webhosting server I believe recently got hacked. I logged in via ftp using freebsd 4.3-stable stock ftpd and it went directly to /usr/home/ftp and i will paste below what it has. I updated from 4.2-stable to 4.3-stable after the glob() patch came out. So I dont believe that its because of the glob vuln. .010512105058p 010513050858p 010515163904p 010515163907p 010520053658p 010520053659p 010520053700p 010520053701p 010520053702p 010520053709p 1mbtest.ptf frdfakAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA)?P??P??)?P?fish)? f?IF1?V?I???1?V??PTPTS?;P?? pufpafAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA)?P??P??)?P?fish)? f?IF1?V?I???1?V??PTPTS?;P?? ???? Tagged By Wizardz Fxp ???? -Mike -Blinx Networks ----- Original Message ----- From: "Chojin" <chojin@nerim.net> To: <freebsd-security@FreeBSD.ORG> Sent: Tuesday, May 22, 2001 8:05 AM Subject: IPF Rule problem > In my rules I put this: > pass out quick proto tcp from any to any keep state > pass out quick proto udp from any to any keep state > pass out quick proto icmp from any to any keep state > block out quick all > > (123.123.123.123 is an example) > pass in quick proto tcp from any to any port = 23 keep state > ... > block in log quick all > > When I use telnet -s 192.168.69.1 123.123.123.123 it works > telnet -s 127.0.0.1 123.123.123.123 works too > telnet -s 123.123.123.123 123.123.123.123 doesn't work > > Why ? > > Regards. > > Chojin > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?003601c0e2ee$b006bfa0$0700a8c0>