From owner-freebsd-chat  Mon Jul 27 12:58:30 1998
Return-Path: <owner-freebsd-chat@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id MAA25614
          for freebsd-chat-outgoing; Mon, 27 Jul 1998 12:58:30 -0700 (PDT)
          (envelope-from owner-freebsd-chat@FreeBSD.ORG)
Received: from postal.accessus.net (root@postal.accessus.net [204.248.93.6])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA25597
          for <chat@FreeBSD.ORG>; Mon, 27 Jul 1998 12:58:16 -0700 (PDT)
          (envelope-from mcneills@accessus.net)
Received: from mcneills (kew1-203.dialup.accessus.net [207.206.182.203])
	by postal.accessus.net (8.9.0/8.9.0) with SMTP id OAA16237
	for <chat@FreeBSD.ORG>; Mon, 27 Jul 1998 14:57:40 -0500
Received: by mcneills (VPOP3 - Unregistered) with SMTP; Mon, 27 Jul 1998 14:57:06 -0500
Message-ID: <000801bdb998$828c9220$0200a8c0@Dell>
Reply-To: "Dennis Reiter" <mcneills@accessus.net>
From: "Dennis Reiter" <mcneills@accessus.net>
To: <chat@FreeBSD.ORG>
Subject: QPopper exploit
Date: Mon, 27 Jul 1998 14:55:30 -0500
MIME-Version: 1.0
Content-Type: text/plain;charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.71.2038.0
X-MimeOLE: Produced By Microsoft MimeOLE V4.71.2039.0
X-Server: VPOP3 V1.2.5 Unregistered
Sender: owner-freebsd-chat@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In case anyone thinks that the QPopper exploit won't affect them,
because they only use a dial-up line and have a Dynamic IP,
three times in the past week someone from a dial-up line in
Minnesota (ppp64.wimpy.msp.mn.state.net) has attempted to break
into my home box.

I have Fetchmail setup to dial-in and retrieve mail every other
hour between 6am & 10pm, and also use my workstation as a gateway,
so I have one of about 100 different IP addresses each time I call
in.  I don't know why they failed the first time (I hadn't upgraded
-- who in the world would want to hack _ME_? <:-|) but I caught
a strange line of ^P's in my syslog.  I upgraded immediately after
changing my shorts and they've tried twice more, once while I was
sitting at the console doing a 'make world.'

So in case anyone thinks they aren't vulnerable, especially after
reading what happened to Brett, think again.  Just because the
chance of it happening is small, doesn't mean it won't.

Regards,
Denny Reiter
denny@kewanee.net
------------------------------------------
FreeBSD: Turning PC's into workstations.
See http://www.FreeBSD.ORG/ for info



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-chat" in the body of the message