Date: Fri, 1 Dec 2000 09:44:42 -0600
From: Garrett Gregory Cntr AMC/LGXI <GREGORY.GARRETT@SCOTT.AF.MIL>
To: Marc Rassbach <marc@milestonerdl.com>, Nevermind <never@nevermind.kiev.ua>
Cc: Matjaz Martincic <matjaz.martincic@hermes.si>, freebsd-security@FreeBSD.ORG
Subject: RE: Move along, nothing to see here. Re: Important!! Vulnerability in standard ftpd
Message-ID: <21A918476AFBD311B0C80000D1ECF0FF01A865FC@vejxoisnte85.scott.af.mil>

Speaking from experience in a related case:

I have had my website system hacked twice in the last year - BOTH times it happened because the hacker got into ANOTHER system where an individual with a trusted account had his userid and password stored on that server in a plain text file - they pogoed from that system with that userid and got in...

The results from the investigation? There was nothing else I could do to my system to make it more secure - in fact I got kudos for it being as secure as it was. But as long as people keep info insecurely there's nothing you can do but keep watch and hope to catch them (and of course have good backup sets!).

Greg Garrett
UNIX Systems Administrator
HQ AMC/LGXI
DSN 779-4695
Comm 618-229-4695
Email Gregory.Garrett@scott.af.mil

-----Original Message-----
From: Marc Rassbach [mailto:marc@milestonerdl.com]
Sent: Friday, December 01, 2000 9:16 AM
To: Nevermind
Cc: Matjaz Martincic; freebsd-security@FreeBSD.ORG
Subject: Move along, nothing to see here. Re: Important!! Vulnerability in standard ftpd

On Fri, 1 Dec 2000, Nevermind wrote:

> No, I had only trusted non-anonymous ftp accounts. And sure, very-trusted shell
> accounts. All of them have full sudo, but all of us were using only ssh,
> telnetd was closed, no one accessed to non-anonymous ftp from outside network.

The Accounts and these people may all have been trusted. But what about the people who knew the people with the access? Could THEY be trusted? Did one of them use the same password on all machines, and therefore had a valid password from a non-trustable system?

Unless you have logs of all commands/keystrokes of your remote users, stored on a separate machine, you don't know if the break-in happened by one of your remote users' IDs.

If you can provide documentation to the break-in, good. If you have a script (either printed directions or an actual automated script) that does the break in, great. I'm positive Kris would love to see it.

If all you can do is hand-wave and talk in vague generalities, then please don't post as "Important!! Vulnerability in standard ftpd" try something like "Did they use ftpd to break in?" or "I had a break in....would someone help me figure out what happened" or "Someone was messing with my ftp setup...I could use some help."

I'm sure your break in was real, and raised your blood pressure, but your alarmist style of post raised the blood pressure of many sysadmins today. Consider their health....all that caffeine and sugar combined with a spike in blood pressure will kill them.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message