Date: Wed, 1 Aug 2001 11:52:44 -0500
From: Mike Meyer <mwm@mired.org>
To: "Ted Mittelstaedt" <tedm@toybox.placo.com>
Cc: <questions@FreeBSD.ORG>
Subject: RE: URGENT - Seems like i've been hacked... what to do now?
Message-ID: <15208.13276.350667.234970@guru.mired.org>
In-Reply-To: <005601c11aa0$3edc5080$1401a8c0@tedm.placo.com>
References: <15206.42047.35149.695150@guru.mired.org> <005601c11aa0$3edc5080$1401a8c0@tedm.placo.com>
Ted Mittelstaedt <tedm@toybox.placo.com> types:
> On the Internet, there's really not that much chance that a hacker is going to
> gain access to a specific datastream. Oh sure, they might be able to crack
> into a router here or there, but due to the way that BGP handles routing
> on the Internet, a connection that they are sniffing that's passing through a
> router they have cracked might suddenly shift due to a route change and be no
> longer passing through the compromised router.

Actually, I already granted that that possibility is very small. Using ssh
doesn't even make it go away - it just makes it smaller. My real worry about
sniffers isn't as part of a serious attack, but from a script kiddie owning a
router and installing a password reaper of some kind. That I've had a wireless
network connection since '97 provides some incentive for making sure everything
I connect to has sshd on it as well.

> Most of the security argument revolves around whether the data is
> valuable or not. While you may consider security measures to be
> basic things like setting passwords on accounts, I don't really regard
> basic stuff like that as any real security, it's just administrative
> tasks. For example, I've seen some sites where everyone has the same
> password on their accounts.

I put ssh in the same category as setting passwords on accounts, or putting
the machines behind a locked door. None of that will stop someone who's
sufficiently serious, but nothing will. All you can do is raise the cost to
them. This is where the value of the data comes in: the goal is to make their
cost higher than the value they place on the data.

> Steps such as this are equivalent to locking your door during the
> day while you run up to the store - it prevents the casual thief
> who's just walking by from shaking the doorknob and walking off with
> your TV - but to anyone who seriously wants to get in, it's no
> barrier as they will just kick in the door or go through the window.

Correct. That's what ssh is. Part of the admin's SOP to help reduce casual
break-ins. All such things also raise the bar for real attackers, but are still
nothing more than minimal security. It does that in a number of ways. Keeping
passwords from going in the clear over networks I don't trust - which includes
the internet at large - is one of them. That it lets me replace several daemons
with one is another, as that lowers the number of lines of code that can
contain security problems.

	<mike
--
Mike Meyer <mwm@mired.org>			http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
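The daemon consolidation described in the message above (replacing several cleartext login daemons with sshd), as an added example that is not part of the original thread or of FreeBSD itself: a POSIX shell script that audits an inetd.conf-style file for the services whose authentication crosses the wire in the clear (ftpd, telnetd, rshd, rlogind, rexecd) and emits the same file with those entries commented out. The inetd.conf fragment is constructed for the example in the layout of the FreeBSD 4.x era, the service list and function names are mine, and enabling sshd itself (sshd_enable="YES" in rc.conf) and signalling inetd to reread its config are left to the reader.

```shell
#!/bin/sh
# Added example, not from the original thread. Audits an inetd.conf-style
# text for cleartext-authentication daemons that sshd/scp/sftp replace and
# prints a hardened copy with those entries commented out.

# Constructed sample inetd.conf fragment (FreeBSD 4.x-era layout), test input only.
SAMPLE_INETD='ftp     stream  tcp     nowait  root    /usr/libexec/ftpd       ftpd -l
telnet  stream  tcp     nowait  root    /usr/libexec/telnetd    telnetd
shell   stream  tcp     nowait  root    /usr/libexec/rshd       rshd
login   stream  tcp     nowait  root    /usr/libexec/rlogind    rlogind
#exec   stream  tcp     nowait  root    /usr/libexec/rexecd     rexecd
#finger stream  tcp     nowait/3/10 nobody /usr/libexec/fingerd fingerd -s
comsat  dgram   udp     wait    tty:tty /usr/libexec/comsat     comsat
ntalk   dgram   udp     wait    tty:tty /usr/libexec/ntalkd     ntalkd'

# inetd service names whose passwords travel in the clear; ssh covers all of them.
# (List chosen for this example.)
CLEARTEXT_SERVICES='ftp telnet shell login exec'

# Print the service names in $1 that are active (not commented out) and cleartext.
active_cleartext() {
    printf '%s\n' "$1" | awk -v list="$CLEARTEXT_SERVICES" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        ($1 in want) { print $1 }
    '
}

# Emit the hardened file: identical, except each active cleartext line is commented out.
harden_inetd() {
    printf '%s\n' "$1" | awk -v list="$CLEARTEXT_SERVICES" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        !/^[ \t]*#/ && ($1 in want) { print "#" $0; next }
        { print }
    '
}

# Number of active cleartext services, for a scripted pass/fail check.
count_active_cleartext() {
    active_cleartext "$1" | wc -l | tr -d ' '
}

echo "Active cleartext login services before hardening:"
active_cleartext "$SAMPLE_INETD"
HARDENED=$(harden_inetd "$SAMPLE_INETD")
echo "After hardening: $(count_active_cleartext "$HARDENED") remain"
echo "Hardened inetd.conf:"
printf '%s\n' "$HARDENED"
```

Run against a real /etc/inetd.conf with `harden_inetd "$(cat /etc/inetd.conf)"` and review the output before installing it; the script only comments lines out, it does not touch the daemons' binaries or restart inetd.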