Subject: telnetd exploit attempts.
To: None <tech-security@netbsd.org>
From: Stephen M Jones <smj@cirr.com>
List: tech-security
Date: 09/04/2001 20:00:15
Hello All .. I run a semi-high profile public access UNIX
system which started out on SystemV 10 or so years ago and
recently changed platforms and is now running NetBSD..
I applied the telnetd patch, built it and installed
it before cutting over from the old platform. Recently
(the past few days .. probably because of the "unpublished
proprietary source code" leak) I've noticed a telnetd.core
file showing up in /
I've also noticed telnetd attempting to eat up CPU time and
I suspect those are break in attemptees.
I went ahead and compiled the leaked "unpublished proprietary
source code" to test it out .. it ran fine, but didn't
produce a telnetd.core nor did it allow root access.
Before I close, I'd just like to say I don't want to start
a thread on why I should not allow telnet connections. I
know telnet is not secure, et cetera ..
I'm just curious if others are seeing the same thing and
more importantly, the author of the patch might be interested.
The platform here is:
NetBSD sdf 1.5.1 NetBSD 1.5.1 (SDF) #0: Thu Aug 30 01:32:53 UTC 2001 alpha