Date: Tue, 22 May 2001 21:38:29 +0200
From: Guido van Rooij <guido@gvr.org>
To: Mike <wacky@blinx.net>
Cc: Chojin <chojin@nerim.net>, freebsd-security@FreeBSD.ORG, security-officer@FreeBSD.org
Subject: Re: Is there a ftp vuln in 4.3-STABLE
Message-ID: <20010522213829.B16268@gvr.gvr.org>
In-Reply-To: <003601c0e2ee$b006bfa0$0700a8c0@com.home.com>; from wacky@blinx.net on Tue, May 22, 2001 at 02:40:33PM -0400
References: <Pine.BSF.4.21.0105221226100.202-100000@portal.none.ua> <005301c0e2b7$8a4a6dc0$0245a8c0@chojin> <003601c0e2ee$b006bfa0$0700a8c0@com.home.com>

Obviously, the stuff below your message was somehow extracted from a log.
Could you please mail all of the relevant part of the logfile?

-Guido

On Tue, May 22, 2001 at 02:40:33PM -0400, Mike wrote:
> Hi,
> My webhosting server I believe recently got hacked. I logged in via ftp
> using freebsd 4.3-stable stock ftpd and it went directly to /usr/home/ftp
> and I will paste below what it has. I updated from 4.2-stable to 4.3-stable
> after the glob() patch came out. So I don't believe that it's because of the
> glob vuln.
>
> .010512105058p
> 010513050858p
> 010515163904p
> 010515163907p
> 010520053658p
> 010520053659p
> 010520053700p
> 010520053701p
> 010520053702p
> 010520053709p
> 1mbtest.ptf
> frdfakAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA)?P??P??)?P?fish)?
> f?IF1?V?I???1?V??PTPTS?;P??
> pufpafAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA)?P??P??)?P?fish)?
> f?IF1?V?I???1?V??PTPTS?;P??
> ???? Tagged By Wizardz Fxp ????
>
> -Mike
> -Blinx Networks
> ----- Original Message -----
> From: "Chojin" <chojin@nerim.net>
> To: <freebsd-security@FreeBSD.ORG>
> Sent: Tuesday, May 22, 2001 8:05 AM
> Subject: IPF Rule problem
>
>
> > In my rules I put this:
> > pass out quick proto tcp from any to any keep state
> > pass out quick proto udp from any to any keep state
> > pass out quick proto icmp from any to any keep state
> > block out quick all
> >
> > (123.123.123.123 is an example)
> > pass in quick proto tcp from any to any port = 23 keep state
> > ...
> > block in log quick all
> >
> > When I use telnet -s 192.168.69.1 123.123.123.123 it works
> > telnet -s 127.0.0.1 123.123.123.123 works too
> > telnet -s 123.123.123.123 123.123.123.123 doesn't work
> >
> > Why ?
> >
> > Regards.
> >
> > Chojin
> >
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
> >
>

-- 
Guido van Rooij                       |  Phone: ++31 653 994 773
Madison Gurkha, Technology Think-Tank |  guido@madison-gurkha.com
                                      |  FreeBSD committer

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010522213829.B16268>