Brian.ODonoghue at kbs.ie
Fri Jul 5 15:35:01 IST 2002
I setup up a Slackware box as a gateway and firewall recenctly.
Some guy who apparently works for a security company claims to have 'done a
security probe on our ip' and found that we had a telnet and chargen exploit
The only thing is I'm not running telnet nor chargen on the slackware box...
and the only port you can actually initiate a connection on from outside our
internal ip range is (ie from the internet) is port 25... which gets
forwarded to a windows nt 4 server.
Now either this guy is lying about telnet,chargen and others or he has found
a way to exploit exchange server such that it provides access to say a
buffer overflow on the windows box and from they say running a telnet
session on the windows box, he has managed to find an exploit on the slack
box.... or he has found a way to overcome the fact that I am dropping
connections by default on all ports on the firewall bar port 25 which gets
forwarded <something I'm sure the kernel hackers might be quite interested
The thing is that he is living with one of the other developers I work with
and I have been asked to reveal the root password for my Slackware box.
More information about the ILUG