Date: Sat, 28 Jul 2001 14:28:17 -0400 From: Louis LeBlanc <leblanc+freebsd@acadia.ne.mediaone.net> To: freebsd-questions@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG Subject: Re: URGENT - Seems like i've been hacked... what to do now? Message-ID: <20010728142816.A29383@acadia.ne.mediaone.net> In-Reply-To: <5.0.2.1.2.20010728131816.01c8e710@icsmx.com> References: <20010728051328.83415.qmail@web20104.mail.yahoo.com> <20010728051328.83415.qmail@web20104.mail.yahoo.com> <5.0.2.1.2.20010728131816.01c8e710@icsmx.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Telnet and SSH are two different protocols for gaining shell access to a machine. Aside from the fact that telnet is insecure and ssh is secure. Either way, you can do everything you need with ssh as far as system administration. IIRC there are other capabilities with telnet, but I never use them, so . . . Just keep in mind: If you are connected to a machine thru an insecure protocol (like telnet) your communications (passwords, etc) can be viewed on the internet by anyone knowing how and where to intercept packets (there are more sniffers out there than you really care to know about). On a secure connection, this is at worst extremely difficult, and at best impossible. Still beats telnet. If I were you, I'd disable telnet in /etc/inetd.conf (just comment it out), block the port in your firewall (deny port 25 - incoming, anyway), and consider changing all your passwords. Just my $0.02. Lou On 07/28/01 01:23 PM, Jorge Biquez sat at the `puter and typed: > Reading this confirms me that I do not know nothing yet.... > > I have FreeBSD 4.2 running for web services of my own. No one else use or > have access to the machine, no other users. But I use telnet as the way to > control my machines. If I read correct the last messages I should disable > telnetd and use alternatives, like SSH services (btw I remember a > discussion a few months ago telling SSH was not the correct way to go > either).... > > What's the best way to stay?. If the path to follow to disable telnetd and > have SSH services running, could you please point me to resources of how to > implement this? > > Thanks in advance. > > JB > > At 01:30 28/07/01 -0400, you wrote: > > > So I should only allow SSH connections? > > > > > > Is there anyway to see what has been modified since a > > > particular date? > > > > > > -Sameer > > > >Yes use SSH, there are great terminal apps out there that are > >freeware like putty and tera term pro that will allow you to > >ssh in from a msft system. > > > >At least unplug it from the internet for now, so the rest of us > >don't have to deal with someone using it to DoS from. :) > > > >You can always check for files with the find -mtime option, > >you can check your wtmp by using "last" and all of that. But > >you'd probably be better off just re-installing for now, unless > >you want the experience of trying to track down what was done. > >If you want to do that, go start reading up on what to do.. but > >unplug the NIC. > > > >Enjoy. > > > >-Russell > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org > >with "unsubscribe freebsd-questions" in the body of the message > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > -- Louis LeBlanc leblanc@acadia.ne.mediaone.net Fully Funded Hobbyist, KeySlapper Extrordinaire :) http://acadia.ne.mediaone.net ԿԬ Law of the Perversity of Nature: You cannot determine beforehand which side of the bread to butter. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010728142816.A29383>