Date: Wed, 11 Dec 1996 07:50:20 -0800 From: Cy Schubert <cy@cwsys.cwent.com> To: Brian Tao <taob@io.org> Cc: Dev Chanchani <dev@trifecta.com>, FREEBSD-SECURITY-L <freebsd-security@FreeBSD.ORG> Subject: Re: URGENT: Packet sniffer found on my system Message-ID: <199612111550.HAA04031@cwsys.cwent.com> In-Reply-To: Your message of "Tue, 10 Dec 1996 21:05:53 EST." <Pine.BSF.3.95.961210204050.9494B-100000@nap.io.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Tue, 10 Dec 1996, Dev Chanchani wrote:
> > Expire all the passwords and re-install all the system binaries and
> > hopefully he will go away.
>
> All staff have been notified to cycle their passwords. What to do
> with the user base is an entirely different matter...
Don't be too sure that this will secure your passwords. I've seen
/bin/login replaced to collect passwords and either store them or transmit
them upon receipt. You'd better verify that login, su, ftpd, and anything
else that processes passwords is intact.
A couple of ways to avoid this is to use the "r" commands, but this can be a
big security hole as well.
Alternatively you could install Kerberos or ssh. You could distribute a set
of kerberos binaries for windoze to your clients. All they would need to do
is a kinit to get a 10 hour (for example) ticket. They could login to your
system for 10 hours without reentering the password. This will only protect
telnet since I haven't seen a free version of Kerberos for windoze that
supported anything but telnet.
If you want to compile Kerberos 5 Beta 7 on your system, I do have some
patches to allow it to compile and run on FreeBSD.
Regards, Phone: (604)387-8437
Cy Schubert OV/VM: BCSC02(CSCHUBER)
Open Systems Support BITNET: CSCHUBER@BCSC02.BITNET
ITSD Internet: cschuber@uumail.gov.bc.ca
cschuber@bcsc02.gov.bc.ca
"Quit spooling around, JES do it."
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199612111550.HAA04031>