From owner-freebsd-questions Mon Jul 30 1:21:35 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from mail.freebsd-corp-net-guide.com (mail.freebsd-corp-net-guide.com [206.29.169.15]) by hub.freebsd.org (Postfix) with ESMTP id CC04037B401 for ; Mon, 30 Jul 2001 01:21:30 -0700 (PDT) (envelope-from tedm@toybox.placo.com)
Received: from tedm.placo.com (nat-rtr.freebsd-corp-net-guide.com [206.29.168.154]) by mail.freebsd-corp-net-guide.com (8.11.1/8.11.1) with SMTP id f6U8LN862726; Mon, 30 Jul 2001 01:21:24 -0700 (PDT) (envelope-from tedm@toybox.placo.com)
From: "Ted Mittelstaedt"
To: "Mike Meyer"
Subject: RE: URGENT - Seems like i've been hacked... what to do now?
Date: Mon, 30 Jul 2001 01:21:22 -0700
Message-ID: <00be01c118d0$9df492c0$1401a8c0@tedm.placo.com>
In-Reply-To: <15204.14832.983339.818756@guru.mired.org>
Sender: owner-freebsd-questions@FreeBSD.ORG

> -----Original Message-----
> From: Mike Meyer [mailto:mwm@mired.org]
> Sent: Sunday, July 29, 2001 9:30 AM
> To: Ted Mittelstaedt
> Cc: questions@freebsd.org
> Subject: RE: URGENT - Seems like i've been hacked... what to do now?
>
> [I tried to restore the disorder introduced by top posting, and gave
> up. Bleah.]
>
> Ted Mittelstaedt types:
>> But if that isn't the case, then your increased exposure using
>> Telnet as opposed to SSH is theoretical. If you're willing to believe
>> that backbone providers allow any Joe off the street into their
>> network rooms to attach sniffers, or other equally silly and
>> impractical stories, then you probably would feel better using
>> SSH than Telnet.
>
> It's not the silly and impractical stories you believe that make using
> SSH a good idea, it's the ones you *don't* believe. Like the one about
> every box on every route through every provider on the internet being
> secure. Sure, the chances of something critical of yours going through
> a box compromised by someone who actually cares is nearly zero, but
> why risk it, especially when ssh is free and easy to install on pretty
> much anything that has a cpu?

Because in many cases the source device that you're Telnetting in from DOES NOT support SSH. Not all systems are PCs.

To give you an example, I use BSD boxes internally in customer networks many times. Often these boxes are stuffed in a closet, sans monitor. If I happen to get called in to the company to do something, I'm not going to find a convenient system that's got an SSH client installed, although all of the systems have Windows Telnet on them.

As another example, I have some customers with BSD boxes acting as routers that are deep inside their internal WAN, many hops away. Their gateway to the outside is a Cisco router running translation that is connected to a circuit that terminates at the router in the next room. If something in their internal routing falls down that's related to one of these boxes that's buried, I have to hopscotch from Cisco WAN router to Cisco WAN router to reach the subnet that the BSD router is on, and Cisco routers don't support SSH.

Security is all about weighing risks. There's no point in going gaga over SSH when the server you're running it on is physically insecure. I've got one customer that stupidly built their server room in an empty office. The office was empty because it was a ground floor corner office in an architecturally weird location and it had _three_ walls that were full length glass, and it was fricking cold in there all the time so no employees wanted to have the office. They figured the cold and the fact that it was big and no one wanted it made it an ideal server room and even spent a grand on a fancy card-key electronic lock on the door. I never tire of asking them when the guys with the big truck and the sledgehammers are going to show up and smash the window and make off with all their server hardware in the middle of the night. (Did I mention the office isn't visible from the street and the servers are all full towers sitting on the floor?)

> I've been told that telnet with
> encryption is more secure, but finding implementations for everything
> I need it for is a bit harder.
>
> That said, encryption isn't a panacea. It just raises the cost to the
> attacker. The DMCA also brings more legal weapons into play - it makes
> distribution of the tools needed to crack an ssh session a felony in
> the US.
>

Actually, no it does not. All it makes a felony is distributing the tools ONLINE. Printed material is still covered by Freedom of the Press. In fact the Electronic Frontier Foundation distributed a pretty good DES cracker in this manner. They simply put the machine source into the printed pages with instructions on how to OCR it into a binary. (It was an assembly language program for obvious reasons.)

Anyway, the DMCA is just waiting for a court test in front of the Supreme Court; it will happen eventually and the law will be tossed out and that will be that.

Ted Mittelstaedt
tedm@toybox.placo.com
Author of: The FreeBSD Corporate Networker's Guide
Book website: http://www.freebsd-corp-net-guide.com