Bugtraq mailing list archives

rhosts (+ REQUEST SNMP bug)


From: jseng () darwin technet sg (James Seng)
Date: Mon, 17 Oct 1994 23:18:37 +0800 (SST)


On Mon, 17 Oct 1994, Brett Lymn wrote:
- change the ownership of the user's home directory to root (ideally)
- allow the user group write on their home directory so they can use it
- set the "other" sticky bit on the user's home directory to prevent
  removal of files not owned by the user
- create a directory called .rhosts in the user's directory owned by root
- touch a file into the .rhosts directory - any file will do
- make the .rhosts directory mode 000

Sounds like a good idea to me..I will try it out and see if it works :-)

Thanx for the suggestions..and sorry for the stupid mistake I made with 
the mode 000 .rhosts file. But as I was scanning the user directory, it 
seems that only a handful of my users know about rm(1) or perhaps they 
could care less about the .rhosts file. (oh well..newbie sys-adms make 
stupid mistakes now and then :-)

Coming back to security problems, has anyone encountered a cracker hacking 
a network thru the routers instead of the unix box? I mean all along we 
are talking about problems with unix..but what about the routers 
themselves? I briefly remember that it is possible to send an SNMP request 
to all routers and write to the config file of the router. Of course, this 
requires the router to be configured with write-enable thru SNMP 
request..but this seems to be the default configuration (at least on the 
cisco routers I play with). You can also read the config file, obtain 
the passwd file etc using a similar method. Of course, there are some 
routers with secure SNMP implementations but for convenience in network 
management, it seems it is not widely used..(or is it?)

There are other security problems with routers I can think of. A cracker 
can run a script trying thousands of times to log into the router and the 
router doesn't even keep a log. :P

Correct me if I am wrong..I am not really a network guy. Any comments, or 
has anyone encountered such an attack?

James Seng Ching Hong 庄振宏
Technet Student Consultant, Technet Unit
Internet: jseng () solomon technet sg 
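
The lock-down steps quoted from Brett Lymn above, written out as a shell example that is added here and is not part of the original post. The function names and the `placeholder` file name are assumptions, and the ownership steps only run when the script is root.

```shell
#!/bin/sh
# Added example. Function names and the "placeholder" file are assumptions.

mode_of()  { ls -ld  "$1" | cut -c1-10; }        # e.g. drwxrwx--T
owner_of() { ls -ldn "$1" | awk '{print $3}'; }  # numeric uid

# lock_rhosts HOME: apply the quoted steps. chown needs root, so the
# ownership steps are skipped when the script runs unprivileged.
lock_rhosts() {
    home=$1
    [ -d "$home" ] || { echo "not a directory: $home" >&2; return 1; }
    # Leave an existing .rhosts file or symlink for the admin to review.
    if [ -L "$home/.rhosts" ] ||
       { [ -e "$home/.rhosts" ] && [ ! -d "$home/.rhosts" ]; }; then
        echo "$home/.rhosts is a file or symlink; review it first" >&2
        return 2
    fi
    if [ "$(id -u)" -eq 0 ]; then chown root "$home" || return 1; fi
    chmod g+w,+t "$home" || return 1         # group write plus sticky bit
    [ -d "$home/.rhosts" ] || mkdir "$home/.rhosts" || return 1
    chmod 700 "$home/.rhosts" || return 1    # writable while we populate it
    : > "$home/.rhosts/placeholder" || return 1   # non-empty: rmdir fails
    if [ "$(id -u)" -eq 0 ]; then chown -R root "$home/.rhosts" || return 1; fi
    chmod 000 "$home/.rhosts"
}

# check_rhosts HOME [UID]: verify the layout; UID defaults to 0 (root).
check_rhosts() {
    home=$1 uid=${2:-0}
    case $(mode_of "$home") in
        d????w???[tT]) ;;
        *) echo "$home: missing group write or sticky bit" >&2; return 1 ;;
    esac
    [ "$(mode_of "$home/.rhosts")" = "d---------" ] ||
        { echo "$home/.rhosts: not a mode-000 directory" >&2; return 1; }
    [ "$(owner_of "$home")" = "$uid" ] &&
        [ "$(owner_of "$home/.rhosts")" = "$uid" ] ||
        { echo "$home: home or .rhosts not owned by uid $uid" >&2; return 1; }
}
```

As root, `lock_rhosts /home/alice && check_rhosts /home/alice` applies and then verifies the layout for one account (`/home/alice` is a placeholder path).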


