Date: Wed, 26 Aug 1998 21:55:56 -0700 (PDT)
From: "Jan B. Koum " <jkb@best.com>
To: Brendan Kosowski <brendan@bmk.com.au>
Cc: FreeBSD Security <freebsd-security@FreeBSD.ORG>
Subject: Re: FreeBSD 2.2.5 Security Problem
Message-ID: <Pine.BSF.4.02A.9808262149230.7487-100000@shell6.ba.best.com>
In-Reply-To: <Pine.BSF.3.96.980827121129.2189A-100000@garfield.bmk.com.au>

You probably got broken into through popper. Are you running qualcomm
version? I suspect intruders either replaced telnetd/login binaries or
simply connect to popper to get a shell. They also modified wtmp files to
hide their presence on the system.

This issue (popper bug) has been discussed before on this list. Anyone
running FreeBSD IMHO should be on this list AND bugtraq if they care about
security at all. I'd re-install the OS at this point since you have no way
of knowing where you might have a back door.

FreeBSD security advisories are located at:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/

You will not see popper advisory in this directory since popper is not
part of the OS.

If you do decide to re-install, take a look at
www.best.com/~jkb/howto.txt for some basic steps one can take to make
their FreeBSD a bit more secure out of the box.

-- Yan

www.best.com/~jkb/

Unix users of the world unite:
www.{free,open,net}bsd.org | www.linux.org | www.apache.org | www.perl.com

"Turn up the lights, I don't want to go home in the dark."

On Thu, 27 Aug 1998, Brendan Kosowski wrote:

>
>I suspect a regular security break-in on my FreeBSD 2.2.5 system for the
>following reasons :
>
>
>( Note1 : my system has a small number of users which I know well )
>( Note2 : my inetd.conf only enables FTPD, TELNETD & POPPER )
>
>1. My Internet costs increased by 10 times last month.
>
>2. I often see 2 SHELLS running when I do a "ps -ax" even though I am the
>only person listed when I do a "who".
>
>3. My SYSLOG messages file has lots of telnetd "undefined errors" during
>times when NO ONE is using the system.
>
>
>Can anyone help me ???
>
>Does anyone have AN OFFICIAL LIST OF FreeBSD 2.2.5 SECURITY HOLES and
>HOW TO FIX THEM ???
>
>
>
>Thanks & Regards, Brendan...
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
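
Added example, not part of the original message or of either poster's code: a check for the symptom in the quoted report, shells listed by "ps -ax" that no "who" entry accounts for. The sample output is constructed, and the function names and the mapping of who's "ttyp0" to the "p0" shown in the ps TT column are assumptions.

```python
SHELLS = {"sh", "csh", "tcsh", "bash", "ksh", "zsh"}
# Constructed sample output in the layout of `ps -ax` and `who` (not from the post).
SAMPLE_PS = """\
  PID  TT  STAT      TIME COMMAND
   89  ??  Is     0:00.40 inetd
  212  p0  Ss     0:00.21 -csh (csh)
  230  p0  R+     0:00.00 ps -ax
  305  p1  Is+    0:00.02 -sh (sh)
  411  ??  I      0:00.01 /bin/sh -i
"""
SAMPLE_WHO = """\
brendan  ttyp0    Aug 26 21:40 (garfield)
"""

def who_ttys(who_text):
    """Return the terminals that have a utmp entry, in the short form ps prints."""
    ttys = set()
    for line in who_text.splitlines():
        fields = line.split()
        if len(fields) >= 2:
            # Assumption: ps shortens "ttyp0" to "p0" and "console" to "co".
            tty = "co" if fields[1] == "console" else fields[1]
            ttys.add(tty[3:] if tty.startswith("tty") else tty)
    return ttys

def unaccounted_shells(ps_text, who_text):
    """List (pid, tty, reason) for shell processes that no `who` entry explains."""
    logged_in = who_ttys(who_text)
    findings = []
    for line in ps_text.splitlines()[1:]:        # skip the header row
        fields = line.split(None, 4)             # COMMAND may contain spaces
        if len(fields) < 5 or not fields[0].isdigit():
            continue
        pid, tty, command = int(fields[0]), fields[1], fields[4]
        # Login shells appear as "-csh"; others may carry a full path.
        name = command.split()[0].lstrip("-").rsplit("/", 1)[-1]
        if name not in SHELLS:
            continue
        if tty == "??":
            findings.append((pid, tty, "shell without a controlling terminal"))
        elif tty not in logged_in:
            findings.append((pid, tty, "shell on a terminal with no utmp entry"))
    return findings

if __name__ == "__main__":
    for pid, tty, reason in unaccounted_shells(SAMPLE_PS, SAMPLE_WHO):
        print(f"pid {pid} tty {tty}: {reason}")
```

A shell with TT "??" can also be a legitimate cron or rc script, so that finding is a prompt for review. The result is only as trustworthy as the ps and who binaries that produced the input.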