Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 27 Jul 1998 16:28:36 -0600
From:      Brett Glass <brett@lariat.org>
To:        Greg Pavelcak <gpavelcak@philos.umass.edu>, Dag-Erling Coidan  =?iso-8859-1?Q?Sm=F8rgrav?= <dag-erli@ifi.uio.no>
Cc:        "Jan B. Koum " <jkb@best.com>, Dennis Reiter <mcneills@accessus.net>, chat@FreeBSD.ORG
Subject:   Re: QPopper exploit
Message-ID:  <199807272300.RAA00688@lariat.lariat.org>
In-Reply-To: <Pine.BSF.4.01.9807271810090.254-100000@tower.my.domain>
References:  <xzplnpf59fc.fsf@hrotti.ifi.uio.no>

next in thread | previous in thread | raw e-mail | index | archive | help
At 06:14 PM 7/27/98 -0400, Greg Pavelcak wrote:

>> If I were a cracker, the first thing I'd try would be to scan IP
>> ranges known to belong to large ISPs' dialup servers, precisely for
>> that reason (and also because there's a much higher chance of finding
>> machines run by inexperienced or careless people there than amongst
>> permanently connected hosts)
>
>Hmm, major universities for example? (He asks through his UMass
>PPP account.)

Major universities often have LOTS of holes. Many haven't patched that
Annex server problem, and a few even have *wide open* PPP connections
that anyone can use if he or she knows some basic terminal server
commands.

All dial-ins should be carefully firewalled against exploits. We use
SLiRP running on FreeBSD, which is highly effective as a protective layer. 
(See, we're not such slouches on security, even if our mail server WAS hit 
by the QPopper exploit.)

--Brett


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-chat" in the body of the message



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199807272300.RAA00688>