[ILUG] Advice

From: Brian O'Donoghue (Brian.ODonoghue at domain kbs.ie)
Date: Fri 05 Jul 2002 - 15:35:01 IST


I set up a Slackware box as a gateway and firewall recently.

Some guy who apparently works for a security company claims to have 'done a
security probe on our ip' and found that we had a telnet and chargen exploit
amongst others.

The only thing is I'm not running telnet nor chargen on the Slackware box...
and the only port you can actually initiate a connection on from outside our
internal IP range (i.e. from the internet) is port 25... which gets
forwarded to a Windows NT 4 server.

Now either this guy is lying about telnet, chargen and others or he has found
a way to exploit Exchange server such that it provides access to say a
buffer overflow on the Windows box and from there, say running a telnet
session on the Windows box, he has managed to find an exploit on the Slack
box.... or he has found a way to overcome the fact that I am dropping
connections by default on all ports on the firewall bar port 25 which gets
forwarded <something I'm sure the kernel hackers might be quite interested
in>.

The thing is that he is living with one of the other developers I work with
and I have been asked to reveal the root password for my Slackware box.

<Advice appreciated>
Bod



This archive was generated by hypermail 2.1.6 : Thu 06 Feb 2003 - 13:17:41 GMT