Date: Sat, 28 Jul 2001 23:34:49 -0700 From: "Ted Mittelstaedt" <tedm@toybox.placo.com> To: "Jorge Biquez" <jbiquez@icsmx.com>, <freebsd-questions@FreeBSD.ORG> Subject: RE: URGENT - Seems like i've been hacked... what to do now? Message-ID: <003101c117f8$90c14cc0$1401a8c0@tedm.placo.com> In-Reply-To: <5.0.2.1.2.20010728131816.01c8e710@icsmx.com>
next in thread | previous in thread | raw e-mail | index | archive | help
The correct way is to religiously follow the current security advisories. Telnet's only problem is that if any part of the connection passes over a network infrastructure in which sniffing is practical (as opposed to theoretical) then it's not secure. But if that isn't the case, then your increased exposure using Telnet as opposed to SSH is theoretical. If your willing to believe that backbone provider's allow any Joe off the street into their network rooms to attach sniffers, or other equally silly and impractical stories, then you probably would feel better using SSH than Telnet. Ted Mittelstaedt tedm@toybox.placo.com Author of: The FreeBSD Corporate Networker's Guide Book website: http://www.freebsd-corp-net-guide.com >-----Original Message----- >From: owner-freebsd-questions@FreeBSD.ORG >[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Jorge Biquez >Sent: Saturday, July 28, 2001 11:23 AM >To: freebsd-questions@FreeBSD.ORG >Subject: Re: URGENT - Seems like i've been hacked... what to do now? > > >Reading this confirms me that I do not know nothing yet.... > >I have FreeBSD 4.2 running for web services of my own. No one else use or >have access to the machine, no other users. But I use telnet as the way to >control my machines. If I read correct the last messages I should disable >telnetd and use alternatives, like SSH services (btw I remember a >discussion a few months ago telling SSH was not the correct way to go >either).... > >What's the best way to stay?. If the path to follow to disable telnetd and >have SSH services running, could you please point me to resources of how to >implement this? > >Thanks in advance. > >JB > >At 01:30 28/07/01 -0400, you wrote: >> > So I should only allow SSH connections? >> > >> > Is there anyway to see what has been modified since a >> > particular date? >> > >> > -Sameer >> >>Yes use SSH, there are great terminal apps out there that are >>freeware like putty and tera term pro that will allow you to >>ssh in from a msft system. >> >>At least unplug it from the internet for now, so the rest of us >>don't have to deal with someone using it to DoS from. :) >> >>You can always check for files with the find -mtime option, >>you can check your wtmp by using "last" and all of that. But >>you'd probably be better off just re-installing for now, unless >>you want the experience of trying to track down what was done. >>If you want to do that, go start reading up on what to do.. but >>unplug the NIC. >> >>Enjoy. >> >>-Russell >> >>To Unsubscribe: send mail to majordomo@FreeBSD.org >>with "unsubscribe freebsd-questions" in the body of the message > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?003101c117f8$90c14cc0$1401a8c0>