A host at school, running FreeBSD, which I installed, was broken into by a script kiddie. Presumably, the break-in was performed using an exploitable bug in the telnet daemon of free BSD systems (netkit-telnetd), which is often running on GNU/Linux systems as well.
I am not trying to hide this break-in act. I believe in and
support being open regarding such information, being valuable to
many.
I am not embarrassed by it. Yes, a system I installed was broken
into by a script kiddie with no security knowledge besides running
pre-made code that exploits known vulnerabilities. That system was
a host I installed to test various things with FreeBSD. It did not
have any importance besides that to the school network or any
other resource, nor did it have any trust by other systems or
valuable information. I did not attempt to secure it, and if I
had chosen to run a production mission on it, I would have
reinstalled it at the time of that choice, with far more security
considerations.
The netkit-telnetd bug which I am assuming was exploited to break into that system is a known problem, which has been announced as important at FreeBSD's headquarter site, as well as on various security-related mailing lists, and I was aware of it before it was exploited on that system. I do not recall whether I first learned of it from a thread in the bugtraq mailing list, from a post in the debian-security-announce mailing list, or from FreeBSD's site. On a production/sensitive system, I would most probably have been able to take action before any attack.
The offender script kiddie should probably be more ashamed, with childish actions and over-pride (as seen in files left by him on the system) of such a break-in.
If any mention exists of the break-in to a production user server
by the same script kiddie, I am not trying to hide that action (and
its success) either. That was the first time a system I administered
was broken into. The system was reinstalled from scratch, with the only
previous content restored being users' data from a backup. As the
first case of a break-in to a system I was responsible for, I can say
I learned from it both in awareness and technical experience, and
that system is set up in a more secure manner now.
I was embarrassed by it, yes. But I am not trying to hide it, and
can say I have learned from it, and improved that system's
security after the reinstall.
$Id: breakin.html,v 1.5 2004/03/13 15:42:42 alsbergt Exp $