From owner-freebsd-security Wed Dec 11 08:00:30 1996 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id IAA18187 for security-outgoing; Wed, 11 Dec 1996 08:00:30 -0800 (PST) Received: from cwsys.cwent.com (0@cschuber.net.gov.bc.ca [142.31.240.113]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id IAA18171 for ; Wed, 11 Dec 1996 08:00:23 -0800 (PST) Received: from cwsys (1000@localhost [127.0.0.1]) by cwsys.cwent.com (8.8.4/8.6.10) with ESMTP id HAA04031; Wed, 11 Dec 1996 07:50:23 -0800 (PST) Message-Id: <199612111550.HAA04031@cwsys.cwent.com> Reply-to: cschuber@uumail.gov.bc.ca X-Mailer: Xmh To: Brian Tao cc: Dev Chanchani , FREEBSD-SECURITY-L Subject: Re: URGENT: Packet sniffer found on my system In-reply-to: Your message of "Tue, 10 Dec 1996 21:05:53 EST." Date: Wed, 11 Dec 1996 07:50:20 -0800 From: Cy Schubert Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk > On Tue, 10 Dec 1996, Dev Chanchani wrote: > > Expire all the passwords and re-install all the system binaries and > > hopefully he will go away. > > All staff have been notified to cycle their passwords. What to do > with the user base is an entirely different matter... Don't be too sure that this will secure your passwords. I've seen /bin/login replaced to collect passwords and either store them or transmit them upon receipt. You'd better verify that login, su, ftpd, and anything else that processes passwords is intact. A couple of ways to avoid this is to use the "r" commands, but this can be a big security hole as well. Alternatively you could install Kerberos or ssh. You could distribute a set of kerberos binaries for windoze to your clients. All they would need to do is a kinit to get a 10 hour (for example) ticket. They could login to your system for 10 hours without reentering the password. This will only protect telnet since I haven't seen a free version of Kerberos for windoze that supported anything but telnet. If you want to compile Kerberos 5 Beta 7 on your system, I do have some patches to allow it to compile and run on FreeBSD. Regards, Phone: (604)387-8437 Cy Schubert OV/VM: BCSC02(CSCHUBER) Open Systems Support BITNET: CSCHUBER@BCSC02.BITNET ITSD Internet: cschuber@uumail.gov.bc.ca cschuber@bcsc02.gov.bc.ca "Quit spooling around, JES do it."