From owner-freebsd-isp Wed Feb 5 09:34:46 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id JAA29319 for isp-outgoing; Wed, 5 Feb 1997 09:34:46 -0800 (PST) Received: from smokey.prismnet.com (root@smokey.prismnet.com [205.166.246.3]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id JAA29279 for ; Wed, 5 Feb 1997 09:34:43 -0800 (PST) Received: (from greg@localhost) by smokey.prismnet.com (8.8.4/8.6.12) id LAA16629; Wed, 5 Feb 1997 11:45:44 -0600 (CST) From: Greg Stringfellow Message-Id: <199702051745.LAA16629@smokey.prismnet.com> Subject: Re: hacking - help In-Reply-To: from "FreeBSD 2.2-BETA" at "Feb 5, 97 10:11:04 am" To: freebsd@nwpros.com (FreeBSD 2.2-BETA) Date: Wed, 5 Feb 1997 11:45:44 -0600 (CST) Cc: freebsd-isp@freebsd.org X-Mailer: ELM [version 2.4ME+ PL30 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-isp@freebsd.org X-Loop: FreeBSD.org Precedence: bulk FreeBSD 2.2-BETA said: > On Wed, 5 Feb 1997, Ricardo Kleemann wrote: > > > > But, the real question is, what hole must I plug to prevent this? Is there > > a known hole where someone can log in as ftp and gain root access? > > > > Also, does freebsd support host.allow and host.deny? I didn't see those > > files in /etc and there was no man page > > > Do not allow anonymous FTP. That solves the problem of them logging in > like that. As for the hosts, yes it does. Try > feeding.frenzy.com...it very succesfully uses it (well at least > against my efforts :P). >From what is being described here, someone is trying to telnet in as the FTP user. You could disallow anonymous FTP access, but if you need it there is a way to patch the hole. Just make sure than something like /nonexistent is the shell for the user "ftp". That way, they cannot log in. Also, make sure that in your master.passwd file you have an asterisk where their encrypted password should be. Use "vipw" to edit your master.passwd file. I use both of these methods and I run wuftpd. For an even better anonymous FTP server use WUFTPD which is in the ports directory. FreeBSD does not support the hosts.allow or hosts.deny out of the box. You have to instal TCP Wrappers which, I believe, is also in the ports directory. Greg -- Greg Stringfellow PrismNet, Inc. Network Administration WWW Pages, ISDN, Telnet, Dialup Accounts Phone: (512)-418-1568 "I used up all my sick days...so I'm calling in dead"