Re: Telnet Exploit

From: Kris Kennaway (kris@obsecurity.org)
Date: 05/06/02


Date: Mon, 6 May 2002 13:25:03 -0700
From: Kris Kennaway <kris@obsecurity.org>
To: "Dylan A. Reinhold" <Dylan@ocnetworking.com>


On Mon, May 06, 2002 at 12:04:02PM -0700, Dylan A. Reinhold wrote:
> I think I just got hit with a telnet exploit. I noticed some network
> activity on my cable modem, logged in my gateway ran 'w' no one else but
>
> ran 'top' I had telnetd running, in my security logs I found this:
>
> May 5 16:27:45 cx17105-b /kernel: ipfw: 4000 Accept TCP
> 211.234.111.226:58981 68**.**.**:23 in via ep0
> May 5 16:27:46 cx17105-b /kernel: ipfw: 4000 Accept TCP
> 211.234.111.226:59085 68.**.**.**:23 in via ep0
> May 5 16:27:47 cx17105-b /kernel: ipfw: 4000 Accept TCP
> 211.234.111.226:59086 **.**.**:23 in via ep0
>
> I'm running stable, what gives???? The worst part was I only had Telnet
> enabled for 3 hours....

Why do you think you were exploited? The above only shows people
connecting to the port. If you don't want people doing that, don't
allow them to.

Kris
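
Added example (not part of the original message, and not code from the poster or the FreeBSD project): a small parser for the ipfw log format quoted above. It groups accepted inbound connections to a port by rule number and source, which is all these log lines can show. The sample lines, the host name `gw` and the addresses are constructed, using documentation-range addresses.

```python
import re
from collections import defaultdict

# Constructed sample lines in the ipfw log format quoted in the thread
# (documentation-range addresses, not the addresses from the post).
SAMPLE_LOG = """\
May  5 16:27:45 gw /kernel: ipfw: 4000 Accept TCP 198.51.100.7:58981 192.0.2.10:23 in via ep0
May  5 16:27:46 gw /kernel: ipfw: 4000 Accept TCP 198.51.100.7:59085 192.0.2.10:23 in via ep0
May  5 16:27:47 gw /kernel: ipfw: 4000 Accept TCP 198.51.100.7:59086 192.0.2.10:23 in via ep0
May  5 16:30:02 gw /kernel: ipfw: 4000 Accept TCP 203.0.113.9:40112 192.0.2.10:22 in via ep0
May  5 16:31:10 gw /kernel: ipfw: 65000 Deny TCP 203.0.113.9:40113 192.0.2.10:111 in via ep0
"""

# Fields: rule number, action, protocol, src ip:port, dst ip:port, direction, interface.
IPFW_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)


def accepted_inbound(log_text, dport):
    """Map (rule number, source address) -> source ports of accepted
    inbound connections to dport. Lines that do not match are skipped."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = IPFW_RE.search(line)
        if not m:
            continue
        if (m["action"] == "Accept" and m["dir"] == "in"
                and int(m["dport"]) == dport):
            hits[(int(m["rule"]), m["src"])].append(int(m["sport"]))
    return dict(hits)


if __name__ == "__main__":
    for (rule, src), sports in accepted_inbound(SAMPLE_LOG, 23).items():
        # The log records that the rule passed the packets, nothing about
        # what happened on the connection afterwards.
        print(f"rule {rule} accepted {len(sports)} connection(s) "
              f"from {src} to port 23, source ports {sports}")
```

The rule number in the output identifies which firewall rule let the connections through, which is the rule to tighten if the port should not be reachable.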






