nanog mailing list archives
Re: Rootshell pages hacked
From: "Alex P. Rudnev" <alex () Relcom EU net>
Date: Mon, 2 Nov 1998 13:35:23 +0300 (MSK)
SSH without S/Key or some kind of one-time password is useless in case of any compromised passwords (except the case when you'd like to restrict access to the trusted set of hosts). SSH itself is not believed to be a problem, UNIX one-time passwords are a real problem. Another bad problem is _the same UNIX password for all purposes_ - I can sniff your FTP password and use it for SSH access (for example).

On Sat, 31 Oct 1998, Michael Freeman wrote:
Date: Sat, 31 Oct 1998 14:45:51 +0000 (Local time zone must be set--see zic manual page)
From: Michael Freeman <mikef () boris talentsoft com>
To: "Adam D. McKenna" <adam () flounder net>
Cc: Joe Shaw <jshaw () insync net>, JR Mayberry <rick () magpage com>, neil <neil () junior uwc ac za>, Russ Haynal <russ () navigators com>, nanog () merit edu
Subject: Re: Rootshell pages hacked

It is not a fucking problem in SSH! Jesus Christ, people do not listen. If it had anything to do with ssh, here's what happened. (speculation) A trusted host was compromised that Kit Knox or another rootshell staff member used, ssh was trojaned and passwords were snagged, and the intruder simply walked right in through the front door. Nothing sophisticated, nothing fancy, no ssh remote exploits.

On Thu, 29 Oct 1998, Adam D. McKenna wrote:

They claim they were running only qmail, apache and ssh, but who knows if that's true. I have heard rumours about an ssh exploit but nothing concrete.

--Adam

-----Original Message-----
From: Joe Shaw <jshaw () insync net>
To: JR Mayberry <rick () magpage com>
Cc: neil <neil () junior uwc ac za>; Russ Haynal <russ () navigators com>; nanog () merit edu <nanog () merit edu>
Date: Thursday, October 29, 1998 2:36 PM
Subject: Re: Rootshell pages hacked

I thought they were running qmail?

Joe

On Thu, 29 Oct 1998, JR Mayberry wrote:

Supposedly sendmail 8.9.1 is to blame, not ssh. http://www.sendmail.com/sendmail.8.9.1a.html
Aleksei Roudnev, Network Operations Center, Relcom, Moscow (+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 239-10-10, N 13729 (pager) (+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)