Date: Sat, 2 Dec 2000 09:23:08 -0600 (CST)
From: Marc Rassbach <marc@milestonerdl.com>
To: Peter Pentchev <roam@orbitel.bg>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Move along, nothing to see here. Re: Important!! Vulnerability in standard ftpd
Message-ID: <Pine.BSF.4.21.0012020856030.16738-100000@tandem.milestonerdl.com>
In-Reply-To: <20001202144502.A1968@ringworld.oblivion.bg>
> >
> > Implement ssh2 RSA login only (disable password login everywhere).
> > Also make sure your users use a non-blank pass phrase.
>
> This will not necessarily help; if another machine (or even an account on
> another machine) has been compromised, the attackers could easily install
> a backdoored (read: logging) ssh client. I've seen that kind of client
> several times, and it's not so hard to do it.

I've seen it also. 3 Linux boxes, and one FreeBSD 2.2.7

The 3 linux boxes were trojaned in different ways (different people).
2 of them had ssh *ADDED* just so they could start capturing passwords.
(the client wasn't using ssh) Password sniffing, etc la.

They had the root password for the FreeBSD box for about a month. They
kept placing Linux binaries on the FreeBSD box. The box would run "weird"
according to the customer. They were going to move over to a new FreeBSD
box....so fixing the 2.2.7 box wasn't important :-) After the linux boxen
were used to portscan other boxes, did I get to scrub the BSD box :-)

The Linux boxes....they were all re-installed from scratch. They couldn't
find ALL the trojans with the linux box.

From the BSD side.... make world and the script kiddies were gone.