Re: *BSD Telnetd

From: John (johnsat_private)
Date: Thu Jul 26 2001 - 16:02:03 PDT


    Here is a good example of one of the many intrusions.
    
    <intrusion>
    Date: Wed, 25 Jul 2001 15:32:53 -0400 (EDT)
    
    There were two reports forwarded to me of
    xxx.xxx.xxxxx.edu doing telnet port scans of
    remote networks. It was an early victim of
    the telnet daemon root compromise bug
    identified in a CERT advisory issued this
    morning.
    
    The machine was given to a Graduate Student
    to test out FreeBSD on to see if it did what
    he needed it to do. He determined it does do
    what he needs but plans were already in the
    works for me to do a "more formal" base OS
    install for him and he would re-do his work
    afterwards. I had him turn the machine off
    yesterday, I should have time to do the
    re-install tomorrow. As a routine part of my
    installs I turn off telnet access (we have
    lots of FreeBSD machines around, this was the
    only vulnerable one...).
    
    Sorry for the inconveniences. 
    </intrusion>
    
    John wrote:
    > 
    > Well, I am starting to see the first few known
    > compromises that have used the new telnetd code.
    > 
    > ...
    
    -- 
    The events which transpired five thousand years ago; Five 
    years ago or five minutes ago, have determined what will
    happen five minutes from now; five years From now or five
    thousand years from now. All history is a current event.
    - Dr John Henrik Clake -
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    


