Subject: Re: the telnet vulnerability - is it actually fixed?
To: David Maxwell <david@vex.net>
From: John F. Woods <jfw@jfwhome.funhouse.com>
List: current-users
Date: 07/26/2001 14:04:41
> 'peer died' messages are generated easily by telnetting and hitting
> Ctrl-D at the login prompt. It either means someone tried to login and
> gave up, or someone was testing your machine.
> In all testing of the exploit that I did, you would see a 'No such file
> or Directory' for any attempted, or successful exploit.

Here's what I saw:

Jul 26 00:09:30 jfwhome telnetd[2617]: ttloop:  peer died: No such file or directory
Jul 26 00:10:46 jfwhome telnetd[2626]: ttloop:  peer died: No such file or directory
Jul 26 00:37:57 jfwhome telnetd[2846]: ttloop:  peer died: No such file or directory
Jul 26 00:39:33 jfwhome telnetd[2847]: ttloop:  read: Connection reset by peer
Jul 26 01:22:44 jfwhome telnetd[2627]: ttloop:  peer died: No such file or directory

It certainly looks like the script kiddie community has jumped on this bug
with relish.  Before this was announced, that last time I saw that message
was April 17.