From owner-freebsd-questions Wed Jul 24 21: 4:33 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7C26137B400 for ; Wed, 24 Jul 2002 21:04:30 -0700 (PDT) Received: from probsd.ws (ilm26-7-034.ec.rr.com [66.26.7.34]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9A1B643E42 for ; Wed, 24 Jul 2002 21:04:29 -0700 (PDT) (envelope-from freebsd@ec.rr.com) Received: by probsd.ws (Postfix, from userid 80) id EAF7410AF2; Thu, 25 Jul 2002 00:07:03 -0400 (EDT) Message-ID: <2083.192.168.1.1.1027570023.squirrel@webmail.probsd.ws> Date: Thu, 25 Jul 2002 00:07:03 -0400 (EDT) Subject: Re: Watching users From: "Michael Sharp" To: In-Reply-To: <002901c2338c$3709eab0$2afececd@TCOOPER> References: <000001c23388$a1c00500$0a01a8c0@MIKESBOX> <002901c2338c$3709eab0$2afececd@TCOOPER> X-Priority: 3 Importance: Normal X-MSMail-Priority: Normal Cc: X-Mailer: SquirrelMail (version 1.2.7) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Grant Cooper said: Just because you see some anonymous FTP activity and some telnet activity dosent mean there are blackhats on this list targeting you. As for secure shell, its history compared to FTP cant even be compared. Did you upgrade SSH when you saw the vulnerability, or did you a week, or two later? Do you update ports, or patch core when issues arise? My advice, man jail > You know what, as soon as you say your a newbie on this list your > bound to be attacked. After advertising my domain I was flooded with > anonymous ftp, telnet. This is a perfect place for BHH (Black Hat > Hackers) to find newbies to compromise and teach a lesson about > security. How fun. :) > > P.S. hehe, I was under the impression that SSH was suppose to be a > secure shell. I will stick with the old FTP. > > paranoia continues..... > > ----- Original Message ----- > From: "sagacious" > To: > Sent: Wednesday, July 24, 2002 9:09 PM > Subject: RE: Watching users > > >> >Hmm... So you want something that will simply just flip a switch >> and >> let >you know if/when someone logs in or out. I won't ask why. :-) >> >> >> My box got rooted the other day via that sshd exploit. He was >> defacing my webpage and causing trouble. I didn't even know it. He >> started hiding what he was doing so he could keep root. The funny >> thing is the only reason I still have a box is because I was going >> on vacation so for the hell of it I closed port 22 in my router. I >> locked him out without even knowing it. I have people that need to >> login now that I'm back but I need to see who and what from ips.. >> For all I know this tool downloaded my master.passwd. >> Thanks for your help. >> >> sagacious (Mike) >> Network administrator >> The unixhideout network >> http://www.unixhideout.com >> >> >> >> >> To Unsubscribe: send mail to majordomo@FreeBSD.org >> with "unsubscribe freebsd-questions" in the body of the message >> > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message