nanog mailing list archives

Re: Rootshell pages hacked

From: Michael Freeman <mikef () boris talentsoft com>
Date: Sat, 31 Oct 1998 14:45:51 +0000 (Local time zone must be set--see zic manual page)

It is not a fucking problem in SSH! Jesus christ, people do not listen.
If it had anything to do with ssh, heres what happened. (speculation) A
trusted host was compromised that Kit Knox or another rootshell staff
member used, ssh was trojaned and passwords were snagged, and the intruder
simply walked right in through the front door. Nothing sophisticated,
nothing fancy, no ssh remote exploits.

On Thu, 29 Oct 1998, Adam D. McKenna wrote:

They claim they were running only qmail, apache and ssh, but who knows if
that's true.

I have heard rumours about an ssh exploit but nothing concrete.

--Adam

-----Original Message-----
From: Joe Shaw <jshaw () insync net>
To: JR Mayberry <rick () magpage com>
Cc: neil <neil () junior uwc ac za>; Russ Haynal <russ () navigators com>;
nanog () merit edu <nanog () merit edu>
Date: Thursday, October 29, 1998 2:36 PM
Subject: Re: Rootshell pages hacked

I thought they were runnign qmail?

Joe

On Thu, 29 Oct 1998, JR Mayberry wrote:

Supposedly sendmail 8.9.1 is to blame, not ssh.
http://www.sendmail.com/sendmail.8.9.1a.html

Current thread:

Re: Rootshell pages hacked Adam D. McKenna (Oct 29)
- <Possible follow-ups>
- Re: Rootshell pages hacked Adam D. McKenna (Oct 29)
  - Re: Rootshell pages hacked C. Harald Koch (Oct 29)
  - Re: Rootshell pages hacked Michael Freeman (Oct 31)
- Re: Rootshell pages hacked Richard Steenbergen (Oct 29)
- Re: Rootshell pages hacked Adam D. McKenna (Oct 31)