From owner-freebsd-questions Thu Jun 3 9:23: 4 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from relay.ucb.crimea.ua (relay.ucb.crimea.ua [212.110.138.1])
    by hub.freebsd.org (Postfix) with ESMTP id 28D8E1555B
    for ; Thu, 3 Jun 1999 09:20:04 -0700 (PDT)
    (envelope-from ru@ucb.crimea.ua)
Received: (from ru@localhost)
    by relay.ucb.crimea.ua (8.9.3/8.9.3/UCB) id SAA15633;
    Thu, 3 Jun 1999 18:52:05 +0300 (EEST)
    (envelope-from ru)
Date: Thu, 3 Jun 1999 18:52:04 +0300
From: Ruslan Ermilov
To: Marco Masotti
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Popper unknown command (FreeBSD 2.1.6)
Message-ID: <19990603185204.A14106@relay.ucb.crimea.ua>
Mail-Followup-To: Marco Masotti , freebsd-questions@FreeBSD.ORG
References: <37569A8B.E3A735BD@tiscalinet.it>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.3i
In-Reply-To: <37569A8B.E3A735BD@tiscalinet.it>; from Marco Masotti on Thu, Jun 03, 1999 at 05:08:59PM +0200
X-Operating-System: FreeBSD 3.2-STABLE i386
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Thu, Jun 03, 1999 at 05:08:59PM +0200, Marco Masotti wrote:
>
> Hello.
> I'm reviewing the log files accumulated on a bastion host
> (FreeBSD 2.1.6-stable) and I've seen several messages in this pattern:
> I think it is the attempt of exploiting a breach in the popper program, but
> I cannot realize which kind of attempt is that and whether it succeeded
> or not.
>

I'm 100% sure you've been hacked. I'm attaching you an exploit code
(in private) so you could test it yourself.

--
Ruslan Ermilov          Sysadmin and DBA of the
ru@ucb.crimea.ua        United Commercial Bank
+380.652.247.647        Simferopol, Ukraine

http://www.FreeBSD.org  The Power To Serve
http://www.oracle.com   Enabling The Information Age