Date: Fri, 20 Jun 1997 11:20:48 -0700
From: "Jordan K. Hubbard" <jkh@time.cdrom.com>
To: Sean Kelly <kelly@fsl.noaa.gov>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Attempt to compromise root
Message-ID: <25515.866830848@time.cdrom.com>
In-Reply-To: Your message of "Fri, 20 Jun 1997 10:33:14 MDT." <33AAB0CA.2781E494@fsl.noaa.gov>
> I've tried ftp'ing to the.art.of.sekurity.org and have been successful
> only once, but haven't been able to transfer any files. sekurity.org
> appears registered to an organization called "Insekurity, Inc.".

I've got the contents of the site mirrored now and I'll have a look
through some of it as I have time. It's possible that there are some
genuine compromises here, but it's hard to say.

> (1) Does this type of attack seem familiar? Is anyone aware of

Yes, but then a good 90% of the attacks I've seen are using somebody's
"rootkit" (e.g. the attackers rarely understand the mechanics of what
they're doing - it's all done by rote) and so in saying that it's
familiar, all I'm saying is that it's distressingly typical. :(

> "sekurity.org" and what their purpose is? Is there someone there to
> whom I should complain? (Doubtful, as it appears the reason that ftp
> site exists is to provide a repository of cracking code.)

There are dozens of such sites around - I doubt you'd get much more
than laughed at if you tried to make an issue of it.

> (2) Can we get an option during the FreeBSD install to generate the
> md5/mtree digest? Naturally, I read up on this feature after the

You mean of the exact tree you've installed? Hmmmm. There are the
foo.mtree files in each distribution, but is there some reason why
that wouldn't be enough? The bin.mtree file in particular pretty much
covers any of the binaries you'd probably be interested in...

Jordan