Here is a good example of one of the many intrusions.

<intrusion>
Date: Wed, 25 Jul 2001 15:32:53 -0400 (EDT)

There were two reports forwarded to me of xxx.xxx.xxxxx.edu doing
telnet port scans of remote networks. It was an early victim of the
telnet daemon root compromise bug identified in a CERT advisory issued
this morning.

The machine was given to a Graduate Student to test out FreeBSD on to
see if it did what he needed it to do. He determined it does do what he
needs but plans were already in the works for me to do a "more formal"
base OS install for him and he would re-do his work afterwards.

I had him turn the machine off yesterday, I should have time to do the
re-install tomorrow. As a routine part of my installs I turn off telnet
access (we have lots of FreeBSD machines around, this was the only
vulnerable one...).

Sorry for the inconveniences.
</intrusion>

John wrote:
>
> Well, I am starting to see the first few known
> compromises that have used the new telnetd code.
>
> ...

--
The events which transpired five thousand years ago;
Five years ago or five minutes ago, have determined
what will happen five minutes from now; five years
From now or five thousand years from now.
All history is a current event.
- Dr John Henrik Clarke -

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com