From owner-freebsd-questions  Thu Jan  1 14:58:22 1998
Return-Path: <owner-freebsd-questions>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id OAA16172
          for questions-outgoing; Thu, 1 Jan 1998 14:58:22 -0800 (PST)
          (envelope-from owner-freebsd-questions)
Received: from mhv.net (root@spice.mhv.net [199.0.0.21])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id OAA16162
          for <questions@FreeBSD.ORG>; Thu, 1 Jan 1998 14:58:11 -0800 (PST)
          (envelope-from mgraffam@mhv.net)
From: mgraffam@mhv.net
Received: from localhost (qripto@port108.mhv.net [206.229.41.36]) by mhv.net (8.8.5/8.7.3) with SMTP id RAA24337; Thu, 1 Jan 1998 17:57:58 -0500
Date: Thu, 1 Jan 1998 17:52:22 -0500 (EST)
X-Sender: qripto@localhost
To: "Randy A. Katz" <randyk@ccsales.com>
cc: mgraffam@mhv.net, Steve Hovey <shovey@buffnet.net>, questions@FreeBSD.ORG
Subject: Re: HACKED (again)
In-Reply-To: <3.0.5.32.19980101143122.02cd5740@ccsales.com>
Message-ID: <Pine.LNX.3.96.980101172736.28029E-100000@localhost>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 1 Jan 1998, Randy A. Katz wrote:
> >I dont think this is necessarily a problem with ssh. Ssh's security can
> >be circumvented through the insecurity of other things that are running,
> >such as ftp.

> How do they get that kind of control with ftp? Are there standard exploits?
> I had removed all anonymous access to that box...guess that wasn't it, eh?

Well, because ftp's passwords are sent in the clear one can sniff an FTP
session to get the account password, and like I said before once they
do this..they can change the user's ssh config files to get through ssh.

This is a common attack, a friend of mine had his system hacked in exactly
this way.. fortunately the attacker was a good natured guy, and emailed
his logs and details on the attack to my friend, who then secured ftp.

Michael J. Graffam (mgraffam@mhv.net)
http://www.mhv.net/~mgraffam -- Philosophy, Religion, Computers, Crypto, etc
"Enlightenment is man's emergence from his self-incurred immaturity.
Immaturity is the inability to use one's own understanding without the
guidance of another. . .Sapere aude! Have the courage to use your own
understanding!" - Immanuel Kant "What is Enlightenment?"

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv

iQCVAwUBNKweLAKEiLNUxnAfAQFQVQP/Q2EmcKa0NjrC+5+XQf4OFqPK6GrMdEqv
fe0tdq0nVqAdYRlf0imPp701i95tTzXN4CiefrJTjX2g84ORSXI7F/ioouy8Vuax
CbzQ7NyJNymmvPodMnI0OwdLZAKl+JC6sPooeELWRXkT/yBdAveG2nMt4xKGL6pt
6mhNR3DsnJw=
=NUb3
-----END PGP SIGNATURE-----