Date:      Mon, 28 Jul 1997 16:46:01 -0400 (EDT)
From:      Robert Watson <robert@cyrus.watson.org>
To:        Vincent Poy <vince@mail.MCESTATE.COM>
Cc:        Tomasz Dudziak <loco@onyks.wszib.poznan.pl>, security@FreeBSD.ORG, "[Mario1-]" <mario1@primenet.com>, JbHunt <johnnyu@accessus.net>
Subject:   Re: security hole in FreeBSD
Message-ID:  <Pine.BSF.3.95q.970728164333.3342J-100000@cyrus.watson.org>
In-Reply-To: <Pine.BSF.3.95.970728123635.3844m-100000@mail.MCESTATE.COM>

On Mon, 28 Jul 1997, Vincent Poy wrote:

> On Mon, 28 Jul 1997, Robert Watson wrote:
> 
> 	Yep, sniffing would work but can they actually sniff outside of
> the network?

Well, once you have one host, you have all the hosts on the same ethernet
segment.  Typically, though, problems with sniffing occur on college dorm
networks, which run large numbers of less-well-managed Linux/etc hosts.
This may be an increasing problem on Cable-modem networks, which I
understand work something like Ethernet, in that they are broadcast
networks for a local segment.  Also, who is to say that occasionally
routers or ISP machines don't get broken into, and sniffing occurs?  Any
of your users could be logging in from an untrusted network, so in essence
you are relying on that network to be secure as well as your own.

> =)Your best hope at this point is to shut down the system, boot on a floppy
> =)with a CDROM mounted, and then do a strategic MD5 checksum of all binaries
> =)and check for changes.  If you're running STABLE, your best bet may be to
> =)sup down differences, but to reinstall the binaries necessary to support
> =)the cvsup stuff from CDROM, as well as system kernel and /bin, /sbin, etc.
> =)If he's made enough changes to zap syslog, netstat, login-stuff, I
> =)wouldn't trust any other tools on the system currently.
> 
> 	Not even a rebuild of -current after cvs?

Well, the problem is, I could easily replace cvs with a script that does
cvs, then installs my security hole again. :)

 Robert N Watson

Junior, Logic+Computation, Carnegie Mellon University  http://www.cmu.edu/
Network Security Research, Trusted Information Systems http://www.tis.com/
Network Administrator, SafePort Network Services  http://www.safeport.com/
robert@fledge.watson.org   rwatson@tis.com  http://www.watson.org/~robert/
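
The check suggested in the message above (boot from trusted media, then compare the installed binaries against the CDROM copies), sketched as an added example that is not part of the original e-mail. The function names and the /cdrom and /mnt mount points are assumptions, and the script expects `find` and `md5`/`md5sum` to come from the boot media, not from the suspect disk.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Run it from the trusted boot
# environment; PATH must not include anything on the suspect disk.

# MD5 of one file, read via stdin so the output is only the digest.
hash_file() {
    if command -v md5 >/dev/null 2>&1; then
        md5 -q < "$1"                       # FreeBSD
    else
        md5sum < "$1" | cut -d' ' -f1       # GNU coreutils
    fi
}

# list_differences REF_ROOT SUSPECT_ROOT DIR...   (DIR relative, e.g. bin sbin)
list_differences() {
    ref=$1; suspect=$2; shift 2
    for dir in "$@"; do
        # Walk the reference copy: finds modified and deleted binaries.
        find "$ref/$dir" -type f 2>/dev/null | while IFS= read -r f; do
            rel=${f#"$ref"/}
            if [ ! -f "$suspect/$rel" ]; then
                echo "MISSING  $rel"
            elif [ "$(hash_file "$f")" != "$(hash_file "$suspect/$rel")" ]; then
                echo "MODIFIED $rel"
            fi
        done
        # Walk the suspect copy: finds files the reference media never shipped.
        find "$suspect/$dir" -type f 2>/dev/null | while IFS= read -r f; do
            rel=${f#"$suspect"/}
            [ -e "$ref/$rel" ] || echo "EXTRA    $rel"
        done
    done
}

# compare_trees REF_ROOT SUSPECT_ROOT DIR...
# Prints the report and returns 1 if anything differs, 0 if the trees match.
compare_trees() {
    report=$(list_differences "$@")
    if [ -z "$report" ]; then
        return 0
    fi
    printf '%s\n' "$report"
    return 1
}

# Assumed invocation: sh verify.sh /cdrom /mnt bin sbin usr/bin usr/sbin
if [ "$#" -ge 3 ]; then
    compare_trees "$@"
fi
```

A clean result only covers the directories listed and only the files present on the reference media; a locally rebuilt kernel or STABLE binaries newer than the CDROM will show up as MODIFIED and need to be reinstalled or checked separately.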



