Subject: Re: telnet breakings?
To: Brian Wildasinn <bwildasi@csulb.edu>
From: Dr. Bill Studenmund <wrstuden@loki.stanford.edu>
List: port-mac68k
Date: 08/17/1998 14:06:48

On Mon, 17 Aug 1998, Brian Wildasinn wrote:

> Hi!
> I've been having people telnet into my box while I have a live-connection to my
> school's servers here at Cal.State Long Beach, California. Today one came
> from a box called 'n116client168.hawaii.rr.com'. Last week someone's box called
> 'snoop' something made telnet connections also.

IMMEDIATELY contact your campus computer security folks.

I asked the Stanford security folks about it, and the
"technical contact" is Mathew Black, black@csulb.edu.

> Is there a fix for these intrusions? 

Yes. Figure out how they got in, and close it.

> I wasn't able to see the connection in ps -aux or netstat -r or -a, but like
> the rest of the console messages on this netbsd-1.3.2 upgraded system, they
> scroll up from the bottom of the terminal and also appear in each open xterm and
> application. 
> 
> I used to have bwildasi added to the group "wheel" file, but decided to take
> it out since ftp and telnet seemed to be able to sign in with that since I left
> off the password. E-gad that's still a problem, since I haven't found a way to
> get my added user names to be able to use applications I've compiled under
> root, which seems to be mandatory anyway in order to gain access to all the
> compiler tools and other files that require root authorization to use. Thus,
> I've just used 'root' to login.

root doesn't have a password???

You shouldn't have to be root to compile things, just to install them.
Sounds like you have some permissions problems.

> I'm reading up on my partially installed apache server to see if that is the
> problem. It installed all its files, but still needs to have ServerName set
> which I'm trying to do now by reading the htdocs/manual it installed.

Unhook the machine from the net. Once the security folks have dissected
the machine, re-install!

Be VERY fascist about NOT doing anything root-ish using an insecure
connection. Set up user accounts and use them. It's a pain in the
ass, but you need to do it.

ssh and/or kerberos are your friends!

Take care,

Bill