Date:      Thu, 14 Dec 95 22:03 WET
From:      uhclem@nemesis.lonestar.org (Frank Durda IV)
To:        current@freebsd.org
Subject:   FreeBSD shines in security audit
Message-ID:  <m0tQRMv-000CecC@nemesis.lonestar.org>

I was minding my own business the other day when one of my FreeBSD 2.1 boxes
started reporting (via syslog) events that suggested a break-in attempt.
Among other things, someone was using port 25 to VRFY account names (really
bad choices too such as 'guest', 'lp', 'bbs', 'system', but strangely not
trying 'root' or 'uucp').  The source IP address and system was reported
in the log messages, so the sysadmins of the facility in question were
contacted and told to attack the guilty party without mercy.

Later I discovered that every other FreeBSD box (all 2.1.0 systems) I had 
control over was also probed in a similar fashion.   Those with sendmail
(instead of smail) made the most noise about the event.

Finally I got word that the corporate IS weenies (sorry, "Mr. IS Weenie")
decided that there might be security problems somewhere "out there" so they
bought some really expensive package to sweep for "security problems".

None of the FreeBSD 2.1 systems were penetrated.  The SUNs, Windows NT,
VMS, Windows '95 and even a couple of Ciscos that the program swept
didn't fare as well!   Even those systems that were not penetrated didn't
report the attempts to anybody.

I found this amusing since one of the FreeBSD 2.1 systems had been
installed only a few hours earlier and so almost nothing had been configured
or changed from the stock settings other than setting the root password.

Of course, the attack the package performed didn't even rank up to stuff
that 3rd graders are probably trying these days, but it still annoyed IS
that these "evil little FreeBSD systems" (translation: they didn't
cost anything so IS didn't get a say in their purchase) got no black
marks from the auditors, and some of the expensive systems that IS did
purchase did get caught.

Good job to all who worked on 2.1!

Frank Durda IV <uhclem@nemesis.lonestar.org>|"The purpose of IS is to obtain
                                            | computer systems and then to do
                                            | everything possible to avoid
...rwsystr.nkn.net!nemesis!uhclem           | letting the systems be used."
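The probe the message describes (a remote host walking VRFY names on port 25, logged by sendmail via syslog) is the kind of event worth picking out of the logs automatically rather than noticing by eye. As an added example that is not part of the original post, of FreeBSD or of sendmail, the Python below runs simple detection logic over constructed log lines whose shape approximates sendmail's "NOQUEUE: host [ip]: VRFY name" syslog message (the exact format is an assumption) and reports every source that tried several distinct account names, which is what distinguishes a scan from a single legitimate VRFY.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines (not from a real system). The VRFY lines
# approximate the shape of sendmail's "NOQUEUE: <host> [<ip>]: VRFY <name>"
# message; the exact format is an assumption. The last two lines are noise
# that the detector must ignore.
SAMPLE_LOG = """\
Dec 14 21:58:01 nemesis sendmail[1042]: NOQUEUE: scanner.example.org [192.0.2.7]: VRFY guest
Dec 14 21:58:02 nemesis sendmail[1042]: NOQUEUE: scanner.example.org [192.0.2.7]: VRFY lp
Dec 14 21:58:02 nemesis sendmail[1042]: NOQUEUE: scanner.example.org [192.0.2.7]: VRFY bbs
Dec 14 21:58:03 nemesis sendmail[1042]: NOQUEUE: scanner.example.org [192.0.2.7]: VRFY system
Dec 14 21:59:10 nemesis sendmail[1051]: NOQUEUE: mailhub.example.net [198.51.100.5]: VRFY postmaster
Dec 14 21:59:30 nemesis sendmail[1060]: m0tQRMv-000CecC: from=<uhclem@nemesis.lonestar.org>, size=1234
"""

# Matches only VRFY events; other sendmail and syslog lines fall through.
VRFY_RE = re.compile(
    r"sendmail\[\d+\]: NOQUEUE: (?P<host>\S+) \[(?P<ip>[\d.]+)\]: VRFY (?P<name>\S+)"
)


def parse_vrfy(lines):
    """Yield (ip, host, name) for each VRFY log line; ignore everything else."""
    for line in lines:
        m = VRFY_RE.search(line)
        if m:
            yield m.group("ip"), m.group("host"), m.group("name")


def find_probers(lines, threshold=3):
    """Return {ip: sorted names} for every source that VRFY'd at least
    `threshold` distinct account names. One VRFY from a mail hub is normal;
    a run of different names from one address is a scan."""
    names_by_ip = defaultdict(set)
    for ip, _host, name in parse_vrfy(lines):
        names_by_ip[ip].add(name)
    return {
        ip: sorted(names)
        for ip, names in names_by_ip.items()
        if len(names) >= threshold
    }


if __name__ == "__main__":
    for ip, names in find_probers(SAMPLE_LOG.splitlines()).items():
        print(f"{ip} probed {len(names)} accounts: {', '.join(names)}")
```

The threshold is per distinct name, not per line, so a mail hub that re-verifies the same address several times is not flagged. Independently of detection, sendmail can refuse the probe outright with `O PrivacyOptions=novrfy,noexpn` in sendmail.cf, which turns the scan into a stream of rejections that are still logged and still name the source.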