Just an FYI, BSDi's telnetd in 4.1 and 4.2 is vulnerable to the telnetd exploit. I was just brought in to clean up a small cluster of unfirewalled BSDi systems that fell victim (don't ask me why there wasn't a firewall: not my boxes). Anyway, since then I've nuked the boxen and put FreeBSD+ipf on and what's interesting is that my logs show that the same IP that did the initial break-in is still scanning/attempting to connect to the port. Looks like a poorly written script kiddie tool in use. The IP address was obtainable through the (w|u)tmp files. At any rate, FYI.

-sc

--
Sean Chittenden
This archive was generated by hypermail 2b30 : Sun Jul 29 2001 - 09:22:27 PDT