SUMMARY in.telnet bug?

From: Douglas Sean Hagan (
Date: Thu Jun 11 1998 - 13:31:22 CDT

Most of the responses that I received said that my user had probably
either sent his password over insecure lines and it was sniffed, or that
my user had been targeted. Either way this led us to tighten down
security with tcpd and more religious watching of our logs. Gregory
Coleman included this little bit of advice that others may be
interested in.

> My suggestions in this scenario:
> ==>Hit and follow their info about breakins.
> ==>Start monitoring that box assiduously. If you don't have
> /var/adm/loginlog in place, create it as such (as root):
> touch /var/adm/loginlog; chmod 600 /var/adm/loginlog
> ...this will log failed login attempts.
> ==>Run tcp-wrappers if you aren't already.
> ==>Provide ssh for your users.
> ==>Change the password on that account.
> ==>Run crack and find out if there are other weak passwords and change
> them.
> Hope that doesn't make you too paranoid, but it did it to me!

Michael Neef also told me about a recent security patch for in.telnet.
Patch number 106049-01.

Thanks to everyone that responded: David Wiseman, Scott D. Yelich, Simon Convey,
rsnyder@eos.hitc.con Rich Snyder, Gregory Coleman, Steve Kay, Michael Neef

                                        Douglas Sean Hagan
                                        ACRS Unix Administration
                                        Western Kentucky University
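
An added example, not part of the original message: a small script for the "monitor that box" step, checking that the loginlog file has the mode the quoted advice sets (600) and counting logged failures per account. It assumes one entry per line in the form login:tty:timestamp; the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a failed-login log such as /var/adm/loginlog.
# Assumption: each entry is "login:tty:timestamp", one per line.

# Constructed sample entries (not real log data).
sample_loginlog() {
    cat <<'EOF'
jdoe:/dev/pts/3:Thu Jun 11 09:14:02 1998
jdoe:/dev/pts/3:Thu Jun 11 09:14:09 1998
root:/dev/pts/5:Thu Jun 11 11:40:51 1998
jdoe:/dev/pts/4:Thu Jun 11 12:02:33 1998
EOF
}

# check_loginlog FILE: print "ok" if FILE exists with mode 600,
# otherwise print the reason and return non-zero.
check_loginlog() {
    f=$1
    if [ ! -f "$f" ]; then
        echo "missing"
        return 1
    fi
    # First 10 characters of the ls mode field, ignoring ACL markers.
    perms=$(ls -ln "$f" | awk '{ print substr($1, 1, 10) }')
    if [ "$perms" != "-rw-------" ]; then
        echo "bad-mode:$perms"
        return 1
    fi
    echo "ok"
}

# failed_by_account FILE: print "count login", highest count first.
# The timestamp itself contains colons, so only field 1 is used.
failed_by_account() {
    awk -F: 'NF >= 3 { n[$1]++ } END { for (u in n) print n[u], u }' "$1" |
        sort -k1,1nr -k2,2
}

# Stand-alone run against the constructed sample.
tmp=$(mktemp)
sample_loginlog > "$tmp"
chmod 600 "$tmp"
echo "permissions: $(check_loginlog "$tmp")"
failed_by_account "$tmp"
rm -f "$tmp"
```

On a live system, point both functions at /var/adm/loginlog as root instead of the temporary file.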
