Mailinglist Archive: opensuse (1983 mails)

Re: [SuSE Linux] security breaches... Help!
  • From: wizard01@xxxxxxxxxxxxxxxxxxxxxx (wizard01@xxxxxxxxxxxxxxxxxxxxxx)
  • Date: Tue, 1 Dec 1998 22:02:19 +0100
  • Message-id: <199812020306.WAA26018@xxxxxxxxxxxxxxxxxxxxxxxxx>



That was one of the points I made in my original (and it seems,
heavily chopped when someone responded to my response)
response to someone who had their root account compromised.
They included an excerpt from their warn and messages files which
showed what appeared to be a dictionary attack on root, which
eventually succeeded. The individual then proceeded to make
another account for themselves on the machine and also
apparently changed the root password...

One of my suggestions was to deny root login via telnet. Another
was to NOT use words in the password for root, but instead use
randomized alpha-numerics.
Of course deny access to that particular domain (the log showed
two different IPs from the same domain, so it MAY be a dumb-ass
who doesn't know how to spoof their IP doing a "script attack")
may also be an option...
Strangely enough MY system has yet to be compromised, though it
isn't available on the net 24/7 either. It DOES have dialin capability
though...

>
> I thought the normal procedure was to telnet in, then su root, as opposed
> to directly telnetting in as root.
>
> Someone please clarify!
>
> On Tue, 1 Dec 1998, Torvald Baade Bringsvor wrote:
>
> >
> > On Tue, 1 Dec 1998 wizard01@xxxxxxxxxxxxxxxxxxxxxx wrote:
> >
> > > > On several occasions, somebody has managed to break into my networked
> > > > SuSE Linux box and do some damage. On two occasions, the damage has
> > > > made it impossible for me to log in to my own site.
> >
> > If you *have* to enable root logins (not likely), please study the man
> > pages of tcpd, and see if you can use it to limit the number of hosts who
> > can log into your server.
> >
> > -Torvald
> >
> >
> > -
> > To get out of this list, please send email to majordomo@xxxxxxxx with
> > this text in its body: unsubscribe suse-linux-e
> >
>
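
An added example, not part of the original message or of the poster's logs: a small log check for the pattern described above, repeated failed root logins from hosts in one domain followed by a successful root login. The sample lines are constructed, and the message format (modelled on classic login(1) syslog output with resolved hostnames) is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample lines; the message format is an assumption modelled on
# classic login(1) syslog output, not the log excerpt from the thread.
SAMPLE_LOG = """\
Dec  1 21:40:02 box login[411]: FAILED LOGIN 1 FROM dial17.isp.example FOR root, Authentication failure
Dec  1 21:40:09 box login[411]: FAILED LOGIN 2 FROM dial17.isp.example FOR root, Authentication failure
Dec  1 21:40:15 box login[415]: FAILED LOGIN 1 FROM dial22.isp.example FOR root, Authentication failure
Dec  1 21:40:21 box login[415]: FAILED LOGIN 2 FROM dial22.isp.example FOR root, Authentication failure
Dec  1 21:41:30 box login[420]: FAILED LOGIN 1 FROM lab.other.example FOR alice, Authentication failure
Dec  1 21:42:03 box login[431]: ROOT LOGIN ON ttyp1 FROM dial22.isp.example
"""

FAILED = re.compile(r"FAILED LOGIN \d+ FROM (\S+) FOR (\S+),")
ROOT_OK = re.compile(r"ROOT LOGIN ON \S+ FROM (\S+)")


def domain_of(host):
    """Collapse a resolved hostname to its last two labels so that
    different hosts in the same domain are counted together."""
    return ".".join(host.split(".")[-2:])


def analyze(log_text, threshold=3):
    """Return (domains with at least `threshold` failed root logins,
    domains from which root then logged in successfully)."""
    failures = defaultdict(int)
    suspects, compromised = [], []
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m and m.group(2) == "root":
            dom = domain_of(m.group(1))
            failures[dom] += 1
            if failures[dom] == threshold:  # record each domain once
                suspects.append(dom)
            continue
        m = ROOT_OK.search(line)
        if m and domain_of(m.group(1)) in suspects:
            compromised.append(domain_of(m.group(1)))
    return suspects, compromised


if __name__ == "__main__":
    suspects, compromised = analyze(SAMPLE_LOG)
    print("guessing at root from:", suspects)
    print("root login after guessing from:", compromised)
```

A domain in the second list is the case the thread describes: treat the root account as compromised and look for newly created accounts.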
