From owner-freebsd-questions Sat Jul 28 11:34:59 2001
Date: Sat, 28 Jul 2001 14:28:17 -0400
From: Louis LeBlanc
To: freebsd-questions@FreeBSD.ORG
Subject: Re: URGENT - Seems like i've been hacked... what to do now?
Message-ID: <20010728142816.A29383@acadia.ne.mediaone.net>
In-Reply-To: <5.0.2.1.2.20010728131816.01c8e710@icsmx.com>

Telnet and SSH are two different protocols for gaining shell access to a machine. Aside from the fact that telnet is insecure and ssh is secure. Either way, you can do everything you need with ssh as far as system administration. IIRC there are other capabilities with telnet, but I never use them, so . . .

Just keep in mind: If you are connected to a machine thru an insecure protocol (like telnet) your communications (passwords, etc) can be viewed on the internet by anyone knowing how and where to intercept packets (there are more sniffers out there than you really care to know about). On a secure connection, this is at worst extremely difficult, and at best impossible. Still beats telnet.

If I were you, I'd disable telnet in /etc/inetd.conf (just comment it out), block the port in your firewall (deny port 25 - incoming, anyway), and consider changing all your passwords.

Just my $0.02.

Lou

On 07/28/01 01:23 PM, Jorge Biquez sat at the `puter and typed:
> Reading this confirms me that I do not know nothing yet....
>
> I have FreeBSD 4.2 running for web services of my own. No one else use or
> have access to the machine, no other users. But I use telnet as the way to
> control my machines. If I read correct the last messages I should disable
> telnetd and use alternatives, like SSH services (btw I remember a
> discussion a few months ago telling SSH was not the correct way to go
> either)....
>
> What's the best way to stay?. If the path to follow to disable telnetd and
> have SSH services running, could you please point me to resources of how to
> implement this?
>
> Thanks in advance.
>
> JB
>
> At 01:30 28/07/01 -0400, you wrote:
> > > So I should only allow SSH connections?
> > >
> > > Is there anyway to see what has been modified since a
> > > particular date?
> > >
> > > -Sameer
> >
> >Yes use SSH, there are great terminal apps out there that are
> >freeware like putty and tera term pro that will allow you to
> >ssh in from a msft system.
> >
> >At least unplug it from the internet for now, so the rest of us
> >don't have to deal with someone using it to DoS from. :)
> >
> >You can always check for files with the find -mtime option,
> >you can check your wtmp by using "last" and all of that. But
> >you'd probably be better off just re-installing for now, unless
> >you want the experience of trying to track down what was done.
> >If you want to do that, go start reading up on what to do.. but
> >unplug the NIC.
> >
> >Enjoy.
> >
> >-Russell
> >
> >To Unsubscribe: send mail to majordomo@FreeBSD.org
> >with "unsubscribe freebsd-questions" in the body of the message

-- 
Louis LeBlanc leblanc@acadia.ne.mediaone.net
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://acadia.ne.mediaone.net

Law of the Perversity of Nature: You cannot determine beforehand which side of the bread to butter.
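The two checks suggested in this thread (commenting telnet out of /etc/inetd.conf, and looking for recently changed files with find -mtime), as an added shell example that is not part of any poster's message. The function names and the sample inetd.conf lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; the sample data is constructed.

# Write a constructed inetd.conf sample (FreeBSD-style field layout).
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample, not taken from a real host
ftp     stream  tcp  nowait  root  /usr/libexec/ftpd     ftpd -l
telnet  stream  tcp  nowait  root  /usr/libexec/telnetd  telnetd
#shell  stream  tcp  nowait  root  /usr/libexec/rshd     rshd
#login  stream  tcp  nowait  root  /usr/libexec/rlogind  rlogind
EOF
}

# Print the name of every enabled (uncommented) cleartext remote-access
# service in an inetd.conf-format file.
enabled_cleartext_services() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }    # blank line or commented-out entry
        $1 ~ /^(telnet|login|shell|exec|ftp)$/ { print $1 }
    ' "$1"
}

# Comment out one service in place, keeping the original as <file>.bak.
disable_service() {
    conf=$1; svc=$2
    cp -p "$conf" "$conf.bak" &&
    sed "s/^\([[:space:]]*\)\($svc[[:space:]]\)/\1#\2/" "$conf.bak" > "$conf"
}

# List regular files under a directory modified within the last N days,
# staying on one filesystem (the "find -mtime" check from the thread).
modified_within_days() {
    find "$1" -xdev -type f -mtime "-$2" -print
}

# Demo on the constructed sample when run as: sh script.sh demo
if [ "${1:-}" = demo ]; then
    tmp=$(mktemp -d) && write_sample_conf "$tmp/inetd.conf"
    echo "enabled before:"; enabled_cleartext_services "$tmp/inetd.conf"
    disable_service "$tmp/inetd.conf" telnet
    echo "enabled after:";  enabled_cleartext_services "$tmp/inetd.conf"
    echo "changed in last 7 days:"; modified_within_days "$tmp" 7
    rm -rf "$tmp"
fi
```

After editing the real /etc/inetd.conf, inetd has to be sent SIGHUP before the change takes effect. On a host already suspected of compromise, local binaries and file timestamps may have been altered, so the find output is a starting point rather than proof.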