From owner-freebsd-questions  Thu Nov 13 09:08:13 1997
Return-Path: <owner-freebsd-questions>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id JAA27355
          for questions-outgoing; Thu, 13 Nov 1997 09:08:13 -0800 (PST)
          (envelope-from owner-freebsd-questions)
Received: from gdi.uoregon.edu (gdi.uoregon.edu [128.223.170.30])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id JAA27341
          for <questions@FreeBSD.ORG>; Thu, 13 Nov 1997 09:08:09 -0800 (PST)
          (envelope-from dwhite@gdi.uoregon.edu)
Received: from localhost (dwhite@localhost)
          by gdi.uoregon.edu (8.8.7/8.8.7) with SMTP id JAA01958;
          Thu, 13 Nov 1997 09:08:00 -0800 (PST)
          (envelope-from dwhite@gdi.uoregon.edu)
Date: Thu, 13 Nov 1997 09:08:00 -0800 (PST)
From: Doug White <dwhite@gdi.uoregon.edu>
Reply-To: Doug White <dwhite@resnet.uoregon.edu>
To: "Randy A. Katz" <randyk@ccsales.com>
cc: questions@FreeBSD.ORG
Subject: Re: ARE THEY ABLE TO CRACK UNIX PASSWORDS???
In-Reply-To: <3.0.5.32.19971113081706.00c0a960@ccsales.com>
Message-ID: <Pine.BSF.3.96.971113090051.1931D-100000@gdi.uoregon.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Thu, 13 Nov 1997, Randy A. Katz wrote:

> Are they able to crack Unix passwords? How to prevent this? Please tell me
> quickly, I've got some hacker terrorizing me.

Define `crack'.  

. Brute-force methods (trying the dictionary) will work IF you have chosen
  easy-to-guess passwords.  Make sure your passwords are secure by:
  . not using words in your password
  . using 2 or more non-letters (numbers, symbols, etc)
  . using passwords at least 6 characters long

. Make sure your encrypted passwords aren't just laying around for anyone
  to read.  By default they should only be in /etc/master.passwd with
  permissions 600, owner root:wheel.  Make sure you didn't copy that to
  your anonymous ftp heirarchy.

Other quick tips:

. Deny snooping attacks by using Secure Shell (ssh) instead of telnet
  where possible, and setting up RSA keys.  If you have a purely UNIX 
  environment then you can disable your own password making it impossible
  for anyone except someone with your private key from even making an
  attempt.

. Use your firewall or ipfw to block the perp's IP.

. Complain to their ISP and give logs as evidence.  

I'm no security professional but those are some quick things that may
help.

Don't worry about some little kid threatening you that they'll hack your
system; if you have decent passwords, I'd invite them to try.  They won't
be successful.

Doug White                              | University of Oregon  
Internet:  dwhite@resnet.uoregon.edu    | Residence Networking Assistant
http://gladstone.uoregon.edu/~dwhite    | Computer Science Major