Date:      Tue, 13 Nov 2001 10:32:25 -0800
From:      Will Yardley <william@hq.newdream.net>
To:        freebsd-security@FreeBSD.org
Subject:   Re: Adore worm
Message-ID:  <20011113103225.A1184@hq.newdream.net>
In-Reply-To: <5.1.0.14.2.20011114005803.0207ed70@MailServer>
References:  <XFMail.011113092233.jhb@FreeBSD.org> <5.1.0.14.2.20011114000437.02050a70@MailServer> <XFMail.011113092233.jhb@FreeBSD.org> <5.1.0.14.2.20011114005803.0207ed70@MailServer>

Stefan Probst wrote:
> 
> Will go to bed now and pray.....
> I still can telnet to the box.

please don't telnet to your box with the root username, the name you use
to su to root from, or a username that has root access via the 'sudo'
facility.  this makes it easy for someone to sniff your unencrypted
traffic.  use ssh instead.

as someone mentioned, there's a telnetd exploit as well, which is most
likely how your box got rooted.

if you can POSSIBLY require your users to use ssh instead, you should do
so, as running telnetd is asking for trouble.  try to run only ssh v2 as
well.  if you must run telnet, make sure that users who have any sort of
high level access don't use it.

there are free ssh clients available for pretty much any platform
imaginable.... http://freessh.org/ has some good ones listed.  for 'doze
i'd recommend putty or securecrt.

if the machine is dedicated and geographically far (as you say), then i
don't know what to tell you - have your provider give you a new box with
a fresh install if possible.  i'm not sure if this runs any risks, but
you could try cvsupping your source tree and rebuilding your system
(others might have more insight into this, and possible risks of doing
so).

since you don't know for sure what they've modified or what information
is compromised, a fresh install of some sort is really important.

w

-- 
GPG Public Key:
http://infinitejazz.net/will/pgp/
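
As an added example (not part of Will's mail or anything else in this thread), a small POSIX sh audit function for the two items the reply asks for: a telnetd still enabled in inetd.conf, and an sshd that still accepts protocol 1. The file paths and the sample configs are constructed assumptions, and it assumes that an unset Protocol line means protocol 1 is still accepted, which was the OpenSSH default at the time.

```shell
#!/bin/sh
# Added audit helper, not from the original mail. Flags the two legacy
# remote-access settings the reply warns about. File paths are arguments
# so the function can be run against constructed copies of the configs.

# audit_remote_access INETD_CONF SSHD_CONFIG
# Prints one finding per line; returns 0 when clean, 1 when anything was found.
audit_remote_access() {
    inetd_conf=$1
    sshd_conf=$2
    findings=0

    # telnetd is enabled if an uncommented inetd.conf line names the telnet service.
    if grep -E '^[[:space:]]*telnet[[:space:]]' "$inetd_conf" >/dev/null 2>&1; then
        echo "FINDING: telnetd enabled in $inetd_conf (cleartext logins, known telnetd bugs)"
        findings=1
    fi

    # The effective value is the last uncommented 'Protocol' line. Assumption:
    # when it is unset, sshd of that era accepted both 1 and 2 (treated as "2,1").
    proto=$(grep -iE '^[[:space:]]*Protocol[[:space:]]' "$sshd_conf" 2>/dev/null \
            | tail -n 1 | awk '{print $2}')
    case "${proto:-2,1}" in
        *1*)
            echo "FINDING: sshd accepts SSH protocol 1 (Protocol ${proto:-unset}); set 'Protocol 2' in $sshd_conf"
            findings=1
            ;;
    esac

    return $findings
}

# Demonstration on constructed sample files (not real system configs).
demo_dir=$(mktemp -d)
printf 'telnet\tstream\ttcp\tnowait\troot\t/usr/libexec/telnetd\ttelnetd\n' > "$demo_dir/inetd.conf"
printf '#Protocol 2,1\nPermitRootLogin no\n' > "$demo_dir/sshd_config"
audit_remote_access "$demo_dir/inetd.conf" "$demo_dir/sshd_config" \
    || echo "audit: legacy remote-access settings found, see findings above"
rm -rf "$demo_dir"
```

On a live FreeBSD box of that era the same function would be pointed at /etc/inetd.conf and /etc/ssh/sshd_config.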
