Date: Mon, 24 Jun 1996 10:22:12 +0200 (MET DST)
From: guido@gvr.win.tue.nl (Guido van Rooij)
To: jkh@time.cdrom.com (Jordan K. Hubbard)
Cc: hackers@freebsd.org, security@freebsd.org, ache@freebsd.org
Subject: Re: I need help on this one - please help me track this guy down!
Message-ID: <199606240822.KAA12148@gvr.win.tue.nl>
In-Reply-To: <10326.835597770@time.cdrom.com> from "Jordan K. Hubbard" at "Jun 23, 96 11:29:30 pm"

Jordan K. Hubbard wrote:
> > Do you have anti-spoof filter rules in your backbone router? If not
> > install them. If so, please add packets coming in from localhost
>
> How do you install such things on a cisco 2500? :-) Seriously, if
> there's a way then I can get someone from cisco to help me out, but I
> first need to know that it's even a reasonable request.

Put an access group *in*. On the interface to your ISP. Deny all packets
originating from ip numbers on your internal network. Allow anything else.

>
> > to them. I don't know why he got in, but you can suspect rlogin plus
> > a localhost entry in host.equiv combined with source routed packets.
>
> Hmmm. We have reason to believe that he *didn't* get root (though
> we're still assuming he did, just to be paranoid) and if the mod times
> can be trusted, hosts.equiv hasn't been touched in many months (and
> localhost is commented out).

Okay. Then this was not the problem.

-Guido
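
The inbound filter described in the reply above, written out as Cisco IOS configuration. This is an added example, not part of the original message: the interface name Serial0, the ACL number 101 and the internal prefix 192.0.2.0/24 are placeholders, and the `no ip source-route` line is an addition that addresses the source-routed packets mentioned in the thread.

```cisco
! Added example. Assumptions: Serial0 is the interface facing the ISP,
! the internal network is 192.0.2.0/24 (documentation prefix), and
! extended ACL number 101 is unused on this router.
!
! Discard packets that carry IP source-route options.
no ip source-route
!
! Extended ACL: entries are checked top-down and the first match wins.
!
! 1. Packets arriving from outside that claim an internal source address.
access-list 101 deny   ip 192.0.2.0 0.0.0.255 any
! 2. Packets arriving from outside that claim to come from localhost.
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
! 3. Allow anything else.
access-list 101 permit ip any any
!
! Apply the list to traffic coming *in* on the ISP-facing interface.
interface Serial0
 ip access-group 101 in
```

`show access-lists 101` lists the entries with their match counts, which shows whether packets with spoofed internal or localhost source addresses are arriving from the ISP side.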