If you are running FreeBSD (any version 3.1+ (including 4.3-STABLE)) and you are running telnetd, you are vulnerable to this attack.

My suggestion is to patch your telnetd with the link below and turn off telnet access. This is a serious exploit that will both consume large amounts of your bandwidth (due to the nature of the attack) and give the attacker full root access. Any script kiddie can do this -- the exploit is easy to use.

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/packages/SA-01:49/

Originally posted by allera
My suggestion is to patch your telnetd with the link below and turn off telnet access.

Why patch it AND turn it off? I mean, if you turn it off, what is the use of patching? Since you can't use it then...

Why not be safe about it? Why would you want to leave an unpatched binary on your server? All you are doing is downloading a new telnetd binary and replacing the existing one on your server. :) I think it's worth 5 minutes of your time to _potentially_ save 5 hours or more of headaches later. :)