Date: Mon, 26 Nov 2001 13:13:44 +0100 (CET)
From: Alexander Leidinger <Alexander@Leidinger.net>
To: k_a_kinsey@netzero.net
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: analysis of attack ??
Message-ID: <200111261213.fAQCDkK02743@Magelan.Leidinger.net>
In-Reply-To: <03e501c175ec$19332b40$d5f35b41@musicstudio>

On 25 Nov, Kevin & Anita Kinsey wrote:

> Questions:
> *Does the fact that the files were in the public ftp directory mean
> that Mr. Badguy came in via anonymous FTP, or did he sniff a user
> password floating unencrypted over the 'Net?

Any chance the box also allowed telnet access (depending on which
version of FreeBSD you had running on it, they may have used an exploit
for it)?

Which FTP server software are you using (proftpd and wu-ftpd are known
to have had a lot of exploitable bugs; if your friend can live with the
base ftpd, you had better switch to it)?

> *What should I do if/when (God forbid) this happens again to give me
> (you?) more to analyze.....?

You should also tell us the names and versions of the software used.

> *Is there a better way [than FTP] to have his 'webmaster' (page
> designer) upload pages to the site?

This depends on his webmaster. If he doesn't fear the command line and
you are able to find the programs for the platform he uses: rsync
(/usr/ports/net/rsync) over ssh.

Bye,
Alexander.

-- 
The best things in life are free, but the
expensive ones are still worth a look.

http://www.Leidinger.net    Alexander @ Leidinger.net
GPG fingerprint = C518 BC70 E67F 143F BE91  3365 79E2 9C60 B006 3FE7