Date:      Wed, 6 Feb 2002 21:53:08 +0200
From:      Giorgos Keramidas <keramida@ceid.upatras.gr>
To:        "Artem 'Zazoobr' Ignatjev" <timon@memphis.mephi.ru>
Cc:        brett@lariat.org, freebsd-security@freebsd.org, victor@customdynamic.net
Subject:   Re: Is this evidence of a break-in attempt?
Message-ID:  <20020206195308.GA18171@hades.hell.gr>
In-Reply-To: <200202061105.g16B5Uo33060@memphis.mephi.ru>
References:  <4.3.2.7.2.20020205125336.02758450@localhost> <200202061105.g16B5Uo33060@memphis.mephi.ru>

On 2002-02-06 14:05, Artem 'Zazoobr' Ignatjev wrote:
> > From owner-freebsd-security@FreeBSD.ORG Tue Feb  5 22:59:39 2002
> > Date: Tue, 05 Feb 2002 12:54:41 -0700
> > To: Victor Grey <victor@customdynamic.net>, <freebsd-security@FreeBSD.ORG>
> > From: Brett Glass <brett@lariat.org>
> > Subject: Re: Is this evidence of a break-in attempt?
> >
> > In a word, yes. Looks like they went to the box with a
> > keyboard and a mouse, rebooted, and tried to log in.
> > Clearly, they were so clueless that they did not know
> > about single-user mode.
> >
> Well, if console is marked as `insecure' (which is MY default policy) 
> single mode couldn't help them too much. 
> But there is a way to get contents of any file in root filesystem from
> loader(8), so they could get root hash.

You're assuming the attacker (yes, it was a naive attack of some form)
knows a lot of stuff. He didn't know about single-user mode[1].  He didn't
have enough clue to come with fixit and just power-cycle the box.  Is that
the person you're expecting to have the knowledge it takes to use loader
for password stealing+cracking? :P

	"loader?  What do you mean? What the heck is that?  I just plugged
	in my brand new PS/2 mouse, and a keyboard and rebooted.  The
	fscking thing didn't even get to the point where Windows displays
	'Press CTRL+ALT+DEL to log in.' so I pressed CTRL+ALT+DEL a few
	times.  Can you guess?  Yes, this FreeBSD thing is so obviously
	retarded it does NOTHING when you press CTRL+ALT+DEL!  I had to
	power-cycle it again to remove my keyboard and mouse!"

-- 
Giorgos Keramidas . . . . . . . . . keramida@{ceid.upatras.gr,freebsd.org}
FreeBSD Documentation Project . . . http://www.freebsd.org/docproj/
FreeBSD: The power to serve . . . . http://www.freebsd.org/
