Date: Wed, 29 Jul 1998 07:54:09 +0200 (CEST)
From: Sascha Schumann <sas@schell.de>
To: CyberPeasant <djv@bedford.net>
Cc: dave@kd0yu.com, questions@FreeBSD.ORG
Subject: Re: version 2.1.0 and a hacker I can't keep out
Message-ID: <Pine.BSF.4.01.9807290746390.11127-100000@guerilla.foo.bar>
In-Reply-To: <199807290420.AAA23973@lucy.bedford.net>

On Wed, 29 Jul 1998, CyberPeasant wrote:

> Dave Helton wrote:
> > Dear Sirs,
> >
> > Frustration is running high!
> > I am using ver 2.1.0-RELEASE. Have ordered the latest
> > (v2.6.6-RELEASE) from cdrom.com So... before it's installed I would
> > still like to know how the hell he's doing it.
>
> From a script. He's hammering a buffer overrun in qpopper.
>
> > I get the following:
> >
> > Jul 28 14:03:33 home popper[1027]: -ERR Unknown command:
> > "^P^P^P^P^P^P^P^P^P^P^P
> ....
> > Jul 28 14:03:49 home popper[1028]: (v2.1.4-R3) Servicing request from
> > "usimsptc2 -146.usinternet.com" at 208.160.34.146
>
> Looks like a dialup account. Is it always the same IPA? Might
> be spoofed.

A script kiddie which spoofs a TCP stream. That's very unlikely ;)

> > As you can see... I know where he's coming from. I find that he
> > hammers away on port 110 with these control-p's till the popper
> > exits. Afterwards the log files show missing hours of time and my
> > system is trashed.
> >
> > I am sure part of the answer will be that ver 2.2.6 will fix it with
> > the firewall and all... but I would still like an answer from some
> > one with a handle on just what I am looking at. I have been plagued
> > with this guy now for a week and have been losing sleep over it. I
> > would appreciate some inside information on how this is done and how
> > to prevent it.
>
> Well, this is, I think, a common script kidz game. It's been out
> for a couple of months, IIRC. Heh, I don't crack, and I don't run
> qpopper, but I've heard of it.

We are running qpopper (really nice prog, btw) and I tried the buffer
overflow once on my machine... one command and I had root access.

> a) Get the latest qpopper port, and build it from source.

What's this thing with the ports? This always has the disadvantage of
being (perhaps) outdated. Go to ftp://ftp.qualcomm.com directly and grab
version 2.53.

> b) In conjunction with law enforcement and her ISP, prosecute
> the intruder.
> law enforcement = FBI, probably. Make her squeal.

script kiddie == biggest enemy on earth? Calm down plz ;)

> Some people are annoyed by using "hacker" to describe a criminal.
> Leave that to CNN. It's like referring to a burglar as a "carpenter" ;)

"The Hacker Anti-Defamation League" => http://www.tatoosh.com/hadl

Bye,
Sascha

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
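
The log pattern quoted in the thread (a popper "Unknown command" entry filled with control characters) can be searched for mechanically. The Python sketch below is an added example, not part of the original message and not code from qpopper or FreeBSD; the sample log lines are constructed in the layout quoted above, and the threshold, the function names and the assumption that each POP session logs under its own PID are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the syslog layout quoted in the thread; names, PIDs and
# addresses are made up (192.0.2.0/24 is a documentation range).
SAMPLE_LOG = "\n".join([
    'Jul 28 14:03:30 home popper[1027]: (v2.1.4-R3) Servicing request from '
    '"dial-7.example.net" at 192.0.2.7',
    'Jul 28 14:03:33 home popper[1027]: -ERR Unknown command: "' + "^P" * 20,
    'Jul 28 14:05:10 home popper[1031]: (v2.1.4-R3) Servicing request from '
    '"mail.example.org" at 192.0.2.20',
    'Jul 28 14:05:11 home popper[1031]: -ERR Unknown command: "HELO".',
])

LINE = re.compile(r'^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\spopper\[(?P<pid>\d+)\]:\s(?P<msg>.*)$')
SERVICING = re.compile(r'Servicing request from "[^"]*" at (?P<ip>\S+)')
UNKNOWN = re.compile(r'-ERR Unknown command: "(?P<cmd>.*)')
# The quoted log shows control bytes in caret notation (^P is 0x10);
# raw control bytes are matched as well.
CONTROL = re.compile(r'\^[@A-Z\[\\\]^_?]|[\x00-\x1f\x7f]')

def find_suspicious(log_text, min_control=8):
    """Return (timestamp, pid, source_ip, control_count) for each rejected
    command holding at least min_control control characters. The source is
    taken from the 'Servicing request' line logged under the same PID
    (assumption: one popper process per connection)."""
    client_by_pid = {}
    hits = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        s = SERVICING.search(m['msg'])
        if s:
            client_by_pid[m['pid']] = s['ip']
            continue
        u = UNKNOWN.search(m['msg'])
        if u:
            n = len(CONTROL.findall(u['cmd']))
            if n >= min_control:
                hits.append((m['ts'], m['pid'],
                             client_by_pid.get(m['pid'], 'unknown'), n))
    return hits

def offenders(log_text):
    """Count suspicious commands per source address."""
    return Counter(ip for _, _, ip, _ in find_suspicious(log_text))

if __name__ == '__main__':
    for hit in find_suspicious(SAMPLE_LOG):
        print(hit)
```

An ordinary mistyped command such as the constructed `HELO` line is not flagged, because it contains no control characters.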