From owner-freebsd-questions  Sat Sep 29 14:12:48 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from jason-n3xt.org (42.mujb.dlls.dllstxbk.dsl.att.net [12.98.249.42])
	by hub.freebsd.org (Postfix) with ESMTP id 223A037B40D
	for <questions@freebsd.org>; Sat, 29 Sep 2001 14:12:46 -0700 (PDT)
Received: from localhost (jason@localhost)
	by jason-n3xt.org (8.11.4/8.11.5) with ESMTP id f8TLDvl82419
	for <questions@freebsd.org>; Sat, 29 Sep 2001 21:13:58 GMT
	(envelope-from jason@jason-n3xt.org)
Date: Sat, 29 Sep 2001 21:13:56 +0000 (GMT)
From: Jason <jason@jason-n3xt.org>
To: questions@freebsd.org
Subject: I was rooted using telnet
Message-ID: <Pine.BSF.4.21.0109292110500.82213-100000@jason-n3xt.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

Hello:

A couple of days ago I was rooted by someone using a telnet exploit.  I
have been cvsup'ing my sources regularly and was using 4.4-RC at the
time.  I've since moved to 4.4-STABLE.  It looks like they used some kind
of script.  I still have it if anyone wants it.  Since then I have turned
off telnet in inetd and blocked the port with a firewall.  

Anyone have any ideas on how a person could do this?  I looks like this
script just tries to move a lot of data for a long period of time.

---
Jason
jason@jason-n3xt.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message