Jeremy Blosser wrote:
Rick Chandler [chandlerrick@hotmail.com] wrote:
Rick Chandler wrote:
How do I disable FTP in Suse? I was on IRC and someone showed me my logon prompt. It shows in the message log that he tried to login as root. I really need to disable this.
Also, how does one show you your logon prompt? Your log showed he *tried* to log in as root, which isn't difficult to do. He can easily get your dynamic IP address and say finger thatipaddress to get your machine name. Does your log say anything else? Very curious ;-)
rob
I don't know how he showed me my logon prompt. I was in IRC and he just popped it up in IRC. The log just showed the IP address he was coming from and that someone had tried unsuccessfully to login as ROOT.
1) get an ip address
2) telnet to said address, if telnet is allowed, you get a login prompt
3) try to login as 'root'
4) fail
5) cut and paste the above dialogue (or parts of it) into IRC window

-- Jeremy Blosser | jblosser@firinn.org | http://jblosser.firinn.org/
-----------------+-------------------------+------------------------------
"Would you fight to the death, for that which you love? In a cause surely hopeless ...for that which you love?" -- D. McKiernan, _Dragondoom_
That's exactly correct <g>

Keep in mind when you dial up you're issued a dynamic IP address identifying *your* machine on the net, so when you're on IRC the person does a "whois", gets your dynamic IP addy and telnets to your machine. I doubt the fellow was too savvy, as telnetting in as root is usually disallowed -iow- lame.

Now, if you have a 24/7 connection then an attacker has much more time to gather info and usually find a system user's name (guessing the passwd or running crack or some such thing) and logs in as that... maybe tries to install a sniffer for usernames and passwords; when he/she gets that info then... will attempt to su to root.

Keep in mind that Linux offers many "services" that are exploitable, although it's really a matter of how long the system is online and of course what services are offered. FWIH SuSE is less (slightly) exploitable than, say, RH, as RH is probably more common to kids fooling around etc. and the file structure and system settings are slightly different, making very common exploits less common.

If you're curious, call a friend who has Linux, dial up and find your dynamic IP addy, have him telnet into your machine (giving him a username & passwd), he will log right in to *your* machine! hehehe.... cool ;-)

Other useful reading: news:comp.security.unix

Have fun!
rob
Linux Home page http://www.connix.com/~dizzy73/LBM.htm
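
The thread never gets to the original question of how to turn off FTP (or the telnet login prompt from the steps above). The script below is an added example, not part of any poster's message: it lists the services enabled in an inetd.conf-style file and comments out the ones named. That the machine starts these services from inetd is an assumption, and the sample file and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumption: ftp and telnet are started by inetd from an
# inetd.conf-style file (on a real system typically /etc/inetd.conf).

# Write a constructed sample config to a temp file and print its path.
make_sample() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# constructed sample in inetd.conf format
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
# shell stream  tcp     nowait  root    /usr/sbin/tcpd  in.rshd
finger  stream  tcp     nowait  nobody  /usr/sbin/tcpd  in.fingerd
EOF
    echo "$f"
}

# Print the name of every service that is not commented out.
enabled_services() {
    awk '!/^[ \t]*#/ && NF >= 6 { print $1 }' "$1"
}

# Usage: disable_services FILE SERVICE...
# Prints FILE with the named services commented out; FILE is not modified.
disable_services() {
    conf=$1; shift
    awk -v list="$*" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) off[a[i]] = 1 }
        !/^[ \t]*#/ && ($1 in off) { print "# " $0; next }
        { print }
    ' "$conf"
}

# Demo on the constructed sample only; nothing under /etc is touched.
sample=$(make_sample)
echo "enabled before:" $(enabled_services "$sample")
disable_services "$sample" ftp telnet > "$sample.new"
echo "enabled after: " $(enabled_services "$sample.new")
rm -f "$sample" "$sample.new"
```

On a real system the edited file has to replace the live config and inetd has to be sent SIGHUP to reread it before the ports actually close.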