Date: Tue, 31 Jul 2001 12:57:01 -0700
From: Kris Kennaway
To: Jahanur R Subedar
Cc: Kris Kennaway, freebsd-questions
Subject: Re: telnetd missing
Message-ID: <20010731125700.A36060@xor.obsecurity.org>
References: <20010731121809.E34978@xor.obsecurity.org>

On Tue, Jul 31, 2001 at 02:43:34PM -0500, Jahanur R Subedar wrote:

> The last does not show any kind report of unusual login.
> Is there any other I can trace it.

Only if the attacker doesn't know what they're doing. If you hadn't
patched your telnetd yet, you're owned. Cut your losses, take the
machine off the network and rebuild it from scratch, being careful not
to put back any binaries from the compromised system onto the new one
because they may contain backdoors.

Kris