Date: Thu, 13 Nov 1997 11:55:17 -0600 (CST) From: "Paul T. Root" <proot@horton.iaces.com> To: randyk@ccsales.com (Randy A. Katz) Cc: shovey@buffnet.net, questions@FreeBSD.ORG Subject: Re: ARE THEY ABLE TO CRACK UNIX PASSWORDS??? Message-ID: <199711131755.LAA01581@horton.iaces.com> In-Reply-To: <3.0.5.32.19971113085135.00a3ce20@ccsales.com> from "Randy A. Katz" at "Nov 13, 97 08:51:35 am"
next in thread | previous in thread | raw e-mail | index | archive | help
In a previous message, Randy A. Katz said:
> OK.
>
> We're using master.passwd, it seems they can just pull down this file and
> crack it. They got my root passwd and logged in and created other users
> which have root access. The password they got is something like 5693k. Did
> they actually get it from sniffing?
The could have. tcpdump will watch every keystroke.
> I just can't believe they guessed that password!???!
>
> This guys' driving me nuts! Help!
>
> Thanx,
> Randy Katz
Take the machine off the network.
Remove all the extraneous users.
Change ALL passwords on the machine.
Install ssh and use it as much as possible.
Search for setuid files owned by root and remove/turn them off. (or make
sure they are secure).
Install tcpd and use it.
Firewall.
--
What if there's not a tomorrow? There wasn't yesterday.
--Bill Murray - GroundHog's Day
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199711131755.LAA01581>