by mail.netbsd.org with SMTP; 5 Sep 2000 12:21:43 -0000
	id <RD235Q46>; Tue, 5 Sep 2000 08:32:28 -0400
Message-ID: <E10D54F27C6AD11196EF00600812C5CF067E8C@CNENT>
From: Tony Hernadez <tony@cne-inc.com>
To: "'tech-security@netbsd.org'" <tech-security@netbsd.org>
Subject: strange but true.
Date: Tue, 5 Sep 2000 08:32:24 -0400 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"

I have a 1.4.2 i386 machine running as an apache web server where I work.
This morning I come in to see a bunch of failed login attempts on the
screen. Thats no big deal really.. it happens all the time. But this time
the person tried to login as root and  tony which are the only two accounts
ever used on the machine. How did this happen ? How does someone find out
the users on your machine ? The only inetd services that are running are ftp
and telnet. root cannot log in from a network tty. What gives ?


cheers
Tony Hernandez
Network Engineer