Date: Fri, 28 May 1999 23:10:14 -0700
From: "Justin Wolf" <jjwolf@bleeding.com>
To: <security@FreeBSD.ORG>
Subject: Re: System beeing cracked!
Message-ID: <006201bea999$ee5e4b00$06c3fe90@cisco.com>
References: <MAIL199905280927.OAA08009@nic.mmc.net.ge> <374f731c.607312609@mail.sentex.net>
> Did your friend have access to a machine on the same ethernet ? He could
> have sniffed your password and the root's password, and then logged in as
> you, and then su'd to root.

To add my own meager two cents:

My machine (running 2.2.8-R) was recently hacked because someone got their password sniffed (on another network). The attacker then used this account to gain root. Fortunately they didn't do any damage except change the root password (and perhaps trojan the kernel).

When I reinstalled with 3.1-R, I turned off ftpd and telnetd in inetd.conf. The only way to get to the machine now is via ssh/scp (since there are ssh clients for all major OSes these days, it's not too much of a hardship... Windows even has an (ssh2) version of scp now). This makes it more or less impossible for someone on the same net to sniff passwords. I never EVER su to root unless I'm on a 100% secure (ssh) session. Obviously there are still holes that people can exploit, but my feeling was that this is probably the easiest way to gain root privileges, so this is the hole I plugged.

The basic security rule is: Never run any services unless you have to. Don't have bpf compiled into the kernel. Get strobe and run it on localhost - see what's open. You might not even expect the results (such as X forwarding and RPC). And lastly, always keep up on CERT and BugTraq, and run the latest version of all software (ssh, popper, sendmail, etc.) and patches.

Good luck,
-Justin

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?006201bea999$ee5e4b00$06c3fe90>
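The inetd.conf cleanup Justin describes (commenting out ftpd and telnetd, then checking what is still enabled) as an added shell example; this is not code from the original message or from FreeBSD. It assumes the classic inetd.conf layout (service, socket type, protocol, wait/nowait, user, server, args) where a leading `#` disables a line; the list of "cleartext" services and the sample file contents are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original post): audit an inetd.conf for
# services whose login exchange sends the password in the clear, the
# class of service the poster turned off after being sniffed.

# Hypothetical list of services considered sniffable; extend as needed.
CLEARTEXT_SERVICES="ftp telnet pop3 imap login shell exec"

# Print the names of cleartext services still enabled in the given
# inetd.conf, one per line, in file order. Commented and blank lines
# are ignored; only lines with the full 6+ inetd fields count.
cleartext_services() {
    file="$1"
    grep -v '^[[:space:]]*#' "$file" | awk 'NF >= 6 { print $1 }' |
    while read -r svc; do
        case " $CLEARTEXT_SERVICES " in
            *" $svc "*) printf '%s\n' "$svc" ;;
        esac
    done
}

# Disable every cleartext service in place by commenting it out, which
# is what the poster did by hand for ftpd and telnetd. Already-commented
# lines are left alone; a .bak copy of the file is kept.
disable_cleartext() {
    file="$1"
    for c in $CLEARTEXT_SERVICES; do
        sed -i.bak "s/^\(${c}[[:space:]]\)/#\1/" "$file"
    done
}

# Write a constructed sample inetd.conf (the "before" state: ftp and
# telnet on, the r-services and popper already off, comsat unrelated).
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample inetd.conf, not a real system file
ftp     stream  tcp     nowait  root    /usr/libexec/ftpd       ftpd -l
telnet  stream  tcp     nowait  root    /usr/libexec/telnetd    telnetd
#shell  stream  tcp     nowait  root    /usr/libexec/rshd       rshd
#login  stream  tcp     nowait  root    /usr/libexec/rlogind    rlogind
#pop3   stream  tcp     nowait  root    /usr/local/libexec/popper popper
comsat  dgram   udp     wait    tty:tty /usr/libexec/comsat     comsat
EOF
}

# Usage on a real system (after sourcing this file):
#   cleartext_services /etc/inetd.conf      # what is still exposed
#   disable_cleartext  /etc/inetd.conf      # then HUP inetd
```

Disabling the line is only half of the check; after sending inetd a HUP, confirm nothing is still listening on those ports, which is the "run strobe on localhost" step in the message.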