On 26 Feb, info@edoc.co.za wrote:

Hi,

I yesterday reported that I had a strange program linsniff on my server.

To those who are interested the story:

My server is one of plenty servers in a server farm. On one of the many machines a hacker managed to isntall a password sniffer that sniffed all plain text passwords on that network segment.

...

From there he managed to obtain passwords fro all the machines.

The follwoing sniffers were dicovered up to now:

linsniff popsniff ircsniff sunsniff ntsniff

He replaced many functions such as ls and passwd to hide his presence. I could only see the sniffers with locate sniff.

Lessons: ssh and ftp passwords must be different (It seems that is how he got into my system) Telnet is a no-no! Use chroot for ftp

You're server is as unsecure as the sum of all the neigbouring servers un-secureness.

therefore, the only real weapon against a hacker is BACKUPS! Regards

Nico

Dear Nico, As a secure replacement for ftp I am using scp. It rides on ssh, and I guess is distributed with it as well. Best regards, Alex. -- Dr. Alexander Angerhofer Associate Professor of Chemistry Department of Chemistry The University of Florida Box 117200 Gainesville, FL 32611-7200 USA Tel.: (+1) 352 846 3281 alt.: (+1) 352 392 9489 lab : (+1) 352 846 3283 FAX : (+1) 352 392 0872 - To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e Check out the SuSE-FAQ at <A HREF="http://www.suse.com/Support/Doku/FAQ/"><A HREF="http://www.suse.com/Support/Doku/FAQ/</A">http://www.suse.com/Support/Doku/FAQ/</A</A>> and the archive at <A HREF="http://www.suse.com/Mailinglists/suse-linux-e/index.html"><A HREF="http://www.suse.com/Mailinglists/suse-linux-e/index.html</A">http://www.suse.com/Mailinglists/suse-linux-e/index.html</A</A>>