[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] TELNET PROBLEM

Subject: RE: [cobalt-users] TELNET PROBLEM
From: "Jay Fesco" <jay@xxxxxxxxxxxx>
Date: Thu Mar 22 00:20:02 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

Ramon et al,

Don't assume that being hacked would result in your Raq being 'shut down',
or that FTP would not be available.  When our Raq3 was hacked, the script
kiddies set up an ICQ channel on it, broke Telnet, and left FTP alone.
Consider their intent (if we can ever really know what they intend); We
assume that they want to be able to get back into your machine and use it
for their purposes.  In our case, it was to install TRIN00 to use us as an
attacking system in a DDoS.  Their DDoS would fail if they 'broke' the Raq
to the point that it failed completely.  Telnet was the first thing to go on
ours (and the symptoms were exactly as you describe...)  Only then did we
dig deeper (thank God for Webmin) and find that the system was compromised.
I sincerely hope you weren't hacked, but it sounds like a possibility you
should consider.  Stay up to date on your security updates and shut down
unnecessary services.  At least you give yourself a fighting chance that the
obvious (read: published) exploits won't be used to compromise your Raq.
Remember, hackers read the Cobalt Security Forum and Bugtraq at least as
diligently as we do.

Jay Fesco

-----Original Message-----
From: cobalt-users-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Ramon LOPEZ
Sent: Thursday, March 22, 2001 10:47 AM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-users] TELNET PROBLEM


How can  I  solve this problem ?
My RAQ3 is behind a firewall, could it be a problem for the telnet ?
If  I was hacked, why nothing has happend (the raq don't shut down, the ftp
works fine, and i can use
it as usually)

Thanks

----- Original Message -----
From: "Wayne Sagar" <wsagar@xxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Thursday, March 22, 2001 1:40 PM
Subject: RE: [cobalt-users] TELNET PROBLEM


> > I can't access to my raq 3 by telnet, but this service is
> > enabled and seems to work fine on the server management.
> > The only thing i get when a telnet my raq3 is :
> >
> > Cobalt Linux release 5.0 (Pacifica)
> > Kernel 2.2.14C10 on an i586
> >
> > And it don't ask me to enter login and password...
>
> Same symptom as when I (as well as others) was haqued....
>
> WS
>
> _______________________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To Subscribe or Unsubscribe, please go to:
> http://list.cobalt.com/mailman/listinfo/cobalt-users
>

_______________________________________________
cobalt-users mailing list
cobalt-users@xxxxxxxxxxxxxxx
To Subscribe or Unsubscribe, please go to:
http://list.cobalt.com/mailman/listinfo/cobalt-users

Follow-Ups:
- RE: [cobalt-users] TELNET PROBLEM
  - From: baltimoremd

References:
- Re: [cobalt-users] TELNET PROBLEM
  - From: Ramon LOPEZ

Prev by Date: [cobalt-users] Cube 2 User - Secondary Interface IP Address
Next by Date: [cobalt-users] Error with RaQ3-en-System-4.0.7-9229.pkg
Previous by thread: Re: [cobalt-users] TELNET PROBLEM
Next by thread: RE: [cobalt-users] TELNET PROBLEM

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index