From owner-freebsd-security Mon Dec 9 22:18:26 1996
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id WAA18303 for security-outgoing; Mon, 9 Dec 1996 22:18:26 -0800 (PST)
Received: from nike.efn.org (metriclient-14.uoregon.edu [128.223.172.14]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id WAA18239 for ; Mon, 9 Dec 1996 22:17:45 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by nike.efn.org (8.8.3/8.8.3) with SMTP id WAA01389; Mon, 9 Dec 1996 22:16:30 -0800 (PST)
Date: Mon, 9 Dec 1996 22:16:28 -0800 (PST)
From: John-Mark Gurney
X-Sender: jmg@nike
Reply-To: John-Mark Gurney
To: Brian Tao
cc: FREEBSD-SECURITY-L
Subject: Re: URGENT: Packet sniffer found on my system
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Tue, 10 Dec 1996, Brian Tao wrote:

> On Tue, 10 Dec 1996, Brian Tao wrote:
> >
> > What it does is use bpf to log every connection between a pair of
> > hosts and save all the good parts to a series of files. The guy
> > running the sniffer logged well over 17000 connections today and god
> > knows how many username/password combinations. He was watching the
> > FTP and POP3 ports, mainly.
>
> Also the telnet ports to the shell servers... any tips for
> cleaning up the mess? Obviously the users should be told they need to
> change their passwords right away (now to think of a good way to let
> everyone know... :-/).

why not just have their passwords expire? then they have to change
them :)

hope it all works out... ttyl..

John-Mark

gurney_j@efn.org
http://resnet.uoregon.edu/~gurney_j/
Modem/FAX: (541) 683-6954 (FreeBSD Box)

Live in Peace, destroy Micro$oft, support free software, run FreeBSD (unix)
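
The password-expiry suggestion in the reply above, sketched as a dry run (an added example, not part of the original message or of FreeBSD itself). It assumes FreeBSD's `pw usermod <name> -p <date>` for setting the password expiry field; the UID cut-off of 1000, the skipped shells, and the past date used as the expiry value are assumptions to adjust per site.

```shell
# Print (do not execute) one pw(8) command per interactive user account,
# so the list can be reviewed before anything is changed.
# Input: /etc/passwd-format lines (7 colon-separated fields) on stdin.
expire_cmds() {
    # $1 = value passed to `pw usermod -p`; $2 = lowest UID treated as a real user
    awk -F: -v when="$1" -v min="${2:-1000}" '
        /^#/ || NF < 7              { next }  # comments and malformed lines
        $3 < min || $1 == "nobody"  { next }  # system accounts
        $7 ~ /(nologin|false)$/     { next }  # accounts that cannot log in
        $1 !~ /^[A-Za-z0-9_][A-Za-z0-9_.-]*$/ { next }  # refuse odd names
        { printf "pw usermod %s -p %s\n", $1, when }
    '
}

# Constructed sample input, not taken from the thread.
sample_passwd() {
    cat <<'EOF'
# constructed sample accounts
root:*:0:0:Charlie &:/root:/bin/csh
daemon:*:1:1:Owner of many system processes:/root:/sbin/nologin
alice:*:1001:1001:Alice:/home/alice:/bin/tcsh
bob:*:1002:1002:Bob:/home/bob:/bin/sh
ftponly:*:1003:1003:FTP drop:/home/ftponly:/sbin/nologin
nobody:*:65534:65534:Unprivileged user:/nonexistent:/sbin/nologin
EOF
}

# Dry run over the sample; on a real host, feed /etc/passwd instead and
# review the printed commands before running them as root.
sample_passwd | expire_cmds 01-Jan-1996 1000
```

Expiring passwords only helps once the sniffer is gone and the affected services no longer carry the new passwords in cleartext over the same segment.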