Date: Fri, 2 Mar 2001 00:13:19 -0800 (PST)
From: mudman <mudman@R181204.resnet.ucsb.edu>
To: <freebsd-security@freebsd.org>
Subject: /etc/pwd.db
Message-ID: <Pine.BSF.4.30.0103020002060.6709-100000@R181204.resnet.ucsb.edu>

About a month ago, a script kiddie took (a largely unsuccessful) shot at my box:

They logged in anonymous ftp (I later on ended up disabling this to discourage them) and would then proceed to spam or packet-flood my box, much like a denial-of-service attack. At regular intervals, they would try to access /etc/pwd.db, and then flood me some more.

Well, as it turns out, I never crashed, nor did they ever get /etc/pwd.db.

However, I think pwd.db is encrypted, right? Even then, since remote root login is not allowed (and I have no accounts in wheel to su to root), would having it do the assailant any good at all?

Hypothetically, you could post your root password on the internet and it wouldn't be of much use if you were the only one with access to the console and no one can su to root. (Aside from compromising some users' accounts... in my case, I have no users with really anything important).

Eventually, after a lot of other shots like some malformed packets, followed by more failures, the said script-kiddie got bored and gave up, or found somebody else to bother.

Is there anything to be gained on such a system, other than a few user accounts, by getting pwd.db? I'm debating whether the attack was close to pointless, or whether there should be any cause for alarm here.

So.... what do you guys think?