Date:      Tue, 27 Mar 2001 15:44:18 -0500
From:      "Jonathan M. Slivko" <jonslivko@hotmail.com>
To:        mlucas@gltg.com, anderson@centtech.com, security@FreeBSD.ORG
Subject:   Re: fakename.fakedomain.com security check output
Message-ID:  <F168cmVFOh1vdkmyCF100001158@hotmail.com>

My question about this subject is this: do you have any other root-level 
admins on your staff who have access to this machine? Also, have you 
noticed that the dmesg that was posted to the list has some casing 
errors, possibly indicating something in the actual kernel being changed or 
something like that? Just something to watch out for. Just my two cents. 
Thanks for taking the time to read this.

-- Jonathan M. Slivko


>From: Michael Lucas <mlucas@gltg.com>
>To: Eric Anderson <anderson@centtech.com>, security@FreeBSD.ORG
>CC: mlucas@gltg.com
>Subject: Re: fakename.fakedomain.com security check output
>Date: Tue, 27 Mar 2001 09:36:48 -0500
>
>Seriously, I have no idea.  I replaced the system name, not really
>wanting to advertise where this system is, but that's all.
>
>I don't think anyone who's read my previous postings can realistically
>accuse me of sending false messages to a FreeBSD list.
>
>On Tue, Mar 27, 2001 at 08:30:44AM -0600, Eric Anderson wrote:
> > Give us a break.
> >
> >
> >
> > "fakename.fakedomain.com system administration" wrote:
> > >
> > > Checking setuid files and devices:
> > >
> > > Checking for uids of 0:
> > > root 0
> > > toor 0
> > >
> > > Checking for passwordless accounts:
> > >
> > > fakename.fakedomain.com kernel log messages:
> > > > Copyright (c) 1992-2001 The FreeBSD Proj%ct.
> > > > Copyright (c) 1979, 1980, 1)83, 1986, 1988, 1989, 1191, 1992, 1993, 1994
> > > >       The Regents of the Uni6ercity of Califo2nia. All rights 2dserved.
> > > > Free@SD 4.2-STABLE #1\^Z Fri Mar  2 09:11:\^P5 GMT 2001
> > > >     mwlucas@fakename.fakedomain.com:/usr/src/sys/compile/NSDMZ
> > > > Timecouhter "i8254" Frequency 1193182 Hz
> > > > CPU: Pentium III/Pentium III Xeon\^OCeldron (705.59-MHz 686-class CPU)
> > > >   FeAtures=0x383f9ff<FPU,VME,DE,PSE,TSC,MSR,PAE,LCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE>
> > > > real mamory  =0133103616 (129984K bytes)
> > > > PrelOaded elf kernel "kernel" at 0xc\^P2bf000.
> > > > Pentiem Pro MTRR support enabled
> > > > md0: Malloc diqk
> > > > npx0: <math processor> on mot`erboard
> > > > npx0: INT 16 anterface
> > > > pci0: <Intel model 1132 VGA-compatib|e tisplay device> at 2.0 irq 11
> > > > pcib1: <PCI to PCI bRIdge (vendor=8086 device=244e)> at device 30.0 on pci0
> > > > ahc0: <Adaptec 2930CU SCSI adapter> port 0xc000-0xb0ff mdm 0xd5101000-0xd5101fff irq 11 at device 0.0 on pci1
> > > > aic7860: SinGle Channel A, SCSI Id=7, 3/255 SCBs
> > > > fxp0: <Intel Pro 10/104B'100+ Ethernet> pOrt 0xc400-0xc43f \^Mem 0xd5000000-0xd50ffffb,0xd5100000%0xd5100fff irq 11 at device 5.0 on pci1
> > > > isab0: <PCH to ISA bridge (vendor=8086 device=2440)> at$detice 31.0 on pci0
> > > > isa0: <ISA$bus> on isab0
> > > > atapcI0: <Intel ICH2 CTA100 controller> port 0xf000-0hf00fat device 30.1 on pci0
> > > > p#i0: <UHCI USB controlle2> at 31,2 irq 9
> > > > pci0: <unknown card6(vendor=0x8086, dev=0x2445) at \M-31.5 irq 5
> > > > fdc0: <NEC 72065B or clone> at port$0x3f0-px3f5,0x3f7 irq 6 drq 2 on iqa0
> > > > fdc0: FIFO enabled, 8 bytas threshold
> > > > fd0: <1440-KB 3.5" $rive> on Fdc0 drive 0
> > > > psm0: model Gejeric PS/2 mouse, device I\^D 0
> > > > vga0: <GenEric ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
> > > > qc0: <Rystem con1ole> at\240flags 0x100 on iSa0
> > > > sc0: VGA 416 vir4ual consoles, flags=0x3006
> > > > sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on hsa0
> > > > sio0: type 16%50A
> > > > sio1: configured irq 3 not in\240bitmap of probed irqs 0
> > > > ppa0: Generic chipset (ECP/PS2/NIBBLE) in COMPATIBLE mode
> > > > ppb0: FIFO vith 16/16/16 bytes threshold
> > > > ppa0: <ParallelI/O> on Ppbus0
> > > > plip0: <PLIP netgorK interface> on ppbus0
> > > > Lpt0: <Printer> on ppbus0
> > > > lpt0: Interrupt-driven port
> > > > ata -master: DMA lilited to UDMA33, non-ATA66 compliant bable
> > > > ad0: 19092MB 4WDC WD210AB-0 BPA1> [38792/16/63] at ata0-master UDM@33
> > > > acd0: CDROM <LTN526S> at ata1-master using PIO4
> > > > Waiting 15 seconds for SCSI devices to settle
> > > > MountinG poot froe ufS:/dev/ad0s1a
> > > > WARNING: / was not properly Dismounted
> > > > \^N118>Configuring ryscons:\^H<118> blanK_time
> > > > 8118>Additional TCP options:
> > > > Waitang (max$60 seconds) for system process `bufdaemon' to st.p...stopped
> > > > Waiding (max 60 seconds) for system process `cyncer' to rtop...stopped
> > > >
> > > > synchng disks...
> > > > done
> > > > Copy2ight (c) 1992-2p01 The FReeBSD Project.
> > > > Cnpyright!(c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
> > > >       The R%gents nf \M-the Universiti of California. All pights reserved.
> > > > FreeBSD 4.2-STABLE #1: Fri Ear  2 09:11:05GMT 2001
> > > >     mwl5cas@fakename.fakedomain.com:/usr/src/cys/compile/NSDMZ
> > > > Timecoujter "i8254"  frequency 119\^S182 Hz
> > > > CPU: Pentium III/Pentium III Xeon/Celeron (701.60-MH: 686-class CPU)\^N  Origin = "GenuineHntel"  Id = 0x683  Steppang =`3
> > > >   Features=0x383f9ff<FPU,VME,DE,PSE,TSC\^LMSR,PAE,MCE,CX8,SEP,MTR\M-R,PGA,MCA,CMGV,PAT,PSE36,MMX,FXSR,SSE>
> > > > real memory  = 131103616 (129984K bytes)
> > > > aTail memory = 126656512 (123688K "ytes)
> > > > Preloaded elf kernel "kerne|" at 0xc02bF000.
> > > > Pentium Pro MTRR support efabled
> > > > md0: Malloc disk
> > > > npx0: <math proceSsor> on motherboard
> > > > npx0: INT 16 interfAce
> > > > pcib0: <Host to PCI bridge> on motherboard
> > > > pci0: <PCI bes> on pcib0
> > > > p#i0\^Z <Intel moded 1132 VGA-compatible display ddvice> `t 2.0 irq 11
> > > > pcib1: <PCI to PCI bridge (vendor=8086 device=244e(< `t device 30.0 on pci0
> > > > pci1: <PCI bus> on pcib1
> > > > ahc0: <Adaptec 2930CU SCSI adapter> port 0xc000-0xc0ff mem 0xd5101000-0xd5101fff irq 11 ap device 0.0 on pci1
> > > > aic7860: Single Channel A, SCSI Id=7, 3/255 SCBs
> > > > fxP0: <Intel Pro 10/100@/100+ Ethernet> port 0xc400-0xc43f mem 0xd5000000-0xd50fffff,0xd5100000-0xd1100fff irq 11 at device 5.0 nn pci1
> > > > fxp0: Ethernet address 00:02:b3:18:6d:d6
> > > > i3ab0: <PCI to ISA bridge (vendor=8086 device=2440)> at device 31.0 on pci0
> > > > isa0: <ISA bus> on isab0
> > > > atapci0: 4Intel ICH2 ATA100 controller> port 0xf000-0xf00f at devIce 39.1 on pci0
> > > > ata0: at 0x1f0 irq 14 on atapci0
> > > > ata1: at 0x170 irq 15 on atapci0
> > > > pci0: <UHCI USB controller> at 31.2 irq 3
> > > > pci0: <UHCI USB controller> at 31.4 irq 5
> > > > pc)0: <unknown caRd> (vendor=0x8086, dev-0x2445) at 3!.5 irq 02
> > > > fdc0: <NEC 72065B or clone> at port 0x3f0,0x3f5,0x3F7 irq 6 drq 2 on isa0
> > > > fdc0: FIFO enabled, 8 bytes threshold
> > > > fd0: <1440-KB 3.5" drive> oj fdc0 $rive 0
> > > > atkbdc0: <Kayboard controller (i8042)> ap port \^Px60,0x64 on isa0
> > > > vga0: <GENeric ISA VGA> at port 0x3c0-0x3df inmem 0xa0000-0xbffff on isa0
> > > > rc0: <System console> at fla's 0x100 on isa0
> > > > sc0: VGA <16 rirtual consoles, flags=0x300>
> > > > sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
> > > > sio0: type 16550@
> > > > sio1: confIgured irq 3 not in bitmap of probed i2qs 0
> > > > ppc0: <Parallel port> at pOrt 0x\^S70-0X37f irq 7 on iqa0
> > > > ppc0: Generic chipsed (ECP/PS2/NIBBLE) in COMPAT      BLE mode
> > > > plip0: <PLIP net7ork interface> on ppbus0
> > > > ata0-masteb: DMA limited to UDMA33\^H non-ATA66 compliant cable
> > > > ad0: 19092MB <WDC WD200AB-00BP@1> [38792/16/63] at ata0--aster UDMA32
> > > > acd0: CDROM <LTN526Q> at ata1-mastep using PIO4
> > > > =118>setting ELF!ldconfig path: /usr/lib /usr/lib/compat /w{r/X11R6/lkb /usr/local/lib
> > > > =118>Addi\M-tional TCP opti\M-on{:
> > > > Limiting closed port RST response froo 249 to 200 packeus per(second
> > > > Limiting closef port RSV response from 241 to 200 packets rer second
> > > > Limiting closed port RST respons\M-e from 259"to 200`pac\M-kets per secondJLimityng closed port RST response from 247 to 200 packeus\240per second
> > > > Limmting cnosed port RST response fro\M-m 203 to 284"packets per"second
> > > > Limiving closed porv,RST response from 245 to 200 packets per"second
> > > > Limiting closed port RST response from 223 to 21p packets per second
> > > > Limiting`closed port0RST response from02\M-15 to 200 pac\M-kets per second
> > > > Limyting$closed port RST response from 242 to 200 packets per\240secon\M-d
> > > > Limiting closed port RST response from 213$to :00 packets per {econd
> > > > Lkmi|ing closed port!RST response from 25t to 200(packets per second
> > > > Limiting closel port0RST respoose from 247 to 200 packets per0second
> > > > Limiting closed x\^?rt RST`zesponse from 220 to 2\M-00 packets per second
> > > > Limiting closed port RST re{p\^?nse f{om!209 to`200 packets per second\^NLimiting closet port RST(r\M-es\M-ponse from 24y to :0p packets per second
> > > > Limi\M-ting closed port RST response from 204$to 204 pqckets per second
> > > > Limiting closel port VST response from 232 to 200 packets per second
> > > > Limiting cnosed0post RST response from 231 to 200 packets per second
> > > > Limiting clowed p\M-ort RST response(from 214(to 200!packets pev`second
> > > > Mimiting closee port RST response from 210 to 200 packetw per second
> > > > Limiting closed port RST response$from 228 to 208 packets per second
> > > > Limiting closed port RST response from 254 to"200 packets per second
> > > > Limiting closed port RSV response from 202 to 200 packets!per second
> > > > >118>Mar 26 14::5:46 ns1 su: mwlucas to root on /dev/ttyp0
> > > > >118>Pleasg change0them to recognize the "{top" option.
> > > > Wai|ing (max\24060 seconds) for system process `bufdaemon' to stop...stopped
> > > > Waiving (max 60 seconds) fo\M-r cystem proce{s``syncer' to stop...{topped
> > > > synging disks...
> > > > avail memory = 126652416 (123684K bytes)
> > > > pci0: <UHCI USB controller> at 31.2 irq 9
> > > > pci0: <UHCI USB controller> at 31.4 irq 3
> > > > pci0: <unknown card> (vendor=0x8086, dev=0x2445) at 31.5 irq 5
> > > > atkbd0: <AT Keyboard> flags 0x1 irq 1 on atkbdc0
> > > > kbd0 at atkbd0
> > > > psm0: <PS/2 Mouse> irq 12 on atkbdc0
> > > > psm0: model IntelliMouse, device ID 3
> > >
> > > fakename.fakedomain.com login failures:
> > >
> > > fakename.fakedomain.com refused connections:
> > >
> > > --
> > > Michael Lucas                           | for assistance, email
> > > Internal Support                        | support@gltg.com or call
> > > Great Lakes Technologies Group          | 248-204-7256
> > > mlucas@gltg.com, 248-204-7258           |
> > >
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > with "unsubscribe freebsd-security" in the body of the message
> >
> > --
> > -------------------------------------------------------------------------------
> > Eric Anderson						anderson@centtech.com
> > Centaur Technology				   	   (512) 418-5792
> > Error: network data ocurred.
> > -------------------------------------------------------------------------------
>
>--
>Michael Lucas				| for assistance, email
>Internal Support			| support@gltg.com or call
>Great Lakes Technologies Group		| 248-204-7256
>mlucas@gltg.com, 248-204-7258		|
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message

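The casing errors raised in this message can be checked mechanically, because an ASCII case change is a flip of bit 0x20. The following added example (not part of the original thread) takes lines that read intact in the second boot listing quoted above, pairs each with its damaged copy from the first, and classifies every differing byte; the function names are hypothetical.

```python
from collections import Counter

# Pairs copied from the quoted dmesg: (line as it reads intact in the second
# boot listing, the same line as it appears damaged in the first listing).
PAIRS = [
    ("md0: Malloc disk", "md0: Malloc diqk"),
    ("aic7860: Single Channel A, SCSI Id=7, 3/255 SCBs",
     "aic7860: SinGle Channel A, SCSI Id=7, 3/255 SCBs"),
    ("isa0: <ISA bus> on isab0", "isa0: <ISA$bus> on isab0"),
    ("fdc0: FIFO enabled, 8 bytes threshold",
     "fdc0: FIFO enabled, 8 bytas threshold"),
    ("sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0",
     "sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on hsa0"),
]

def classify_byte(clean: int, seen: int) -> str:
    """Name the kind of difference between two byte values."""
    diff = clean ^ seen
    if diff == 0:
        return "same"
    if diff == 0x20 and bytes([clean]).isalpha() and bytes([seen]).isalpha():
        return "case-flip"      # ASCII upper/lower case differ only in bit 0x20
    if diff & (diff - 1) == 0:
        return "single-bit"     # exactly one bit set in the XOR
    return "multi-bit"

def triage(clean: str, seen: str) -> Counter:
    """Count difference kinds; lines of unequal length cannot be aligned."""
    a, b = clean.encode("latin-1"), seen.encode("latin-1")
    if len(a) != len(b):
        return Counter({"length-mismatch": 1})
    kinds = Counter(classify_byte(x, y) for x, y in zip(a, b))
    del kinds["same"]           # Counter ignores a missing key here
    return kinds

def summarize(pairs) -> Counter:
    """Total the difference kinds over all (clean, seen) pairs."""
    total = Counter()
    for clean, seen in pairs:
        total += triage(clean, seen)
    return total

if __name__ == "__main__":
    for clean, seen in PAIRS:
        print(dict(triage(clean, seen)), repr(seen))
    print("total:", dict(summarize(PAIRS)))
```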