Security Incidents mailing list archives

Re: *BSD Telnetd


From: John <johns () tampabay rr com>
Date: Thu, 26 Jul 2001 19:02:03 -0400

Here is a good example of one of the many intrusions.

<intrusion>
Date: Wed, 25 Jul 2001 15:32:53 -0400 (EDT)

There were two reports forwarded to me of
xxx.xxx.xxxxx.edu doing telnet port scans of
remote networks. It was an early victim of
the telnet daemon root compromise bug
identified in a CERT advisory issued this
morning.

The machine was given to a Graduate Student
to test out FreeBSD on to see if it did what
he needed it to do. He determined it does do
what he needs but plans were already in the
works for me to do a "more formal" base OS
install for him and he would re-do his work
afterwards. I had him turn the machine off
yesterday, I should have time to do the
re-install tomorrow. As a routine part of my
installs I turn off telnet access (we have
lots of FreeBSD machines around, this was the
only vulnerable one...).

Sorry for the inconveniences. 
</intrusion>

John wrote:

Well, I am starting to see the first few known
compromises that have used the new telnetd code.

...

-- 
The events which transpired five thousand years ago; five
years ago or five minutes ago, have determined what will
happen five minutes from now; five years from now or five
thousand years from now. All history is a current event.
- Dr John Henrik Clake -

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com