Bugtraq mailing list archives
rhosts (+ REQUEST SNMP bug)
From: jseng () darwin technet sg (James Seng)
Date: Mon, 17 Oct 1994 23:18:37 +0800 (SST)
On Mon, 17 Oct 1994, Brett Lymn wrote:
- change the ownership of the user's home directory to root (ideally) - allow the user group write on their home directory so they can use it - set the "other" sticky bit on the user's home directory to prevent removal of files not owned by the user - create a directory called .rhosts in the user's directory owned by root - touch a file into the .rhosts directory - any file will do - make the .rhosts directory mode 000
Sound like a good idea to me..I will tried it out and see if it works :-) Thanx for the suggestions..and sorry for the stupid mistake i make for mode 000 .rhosts file. But as i was scanning the user directory, it seem that only a handful of my user knows about rm(1) or perhaps they could care less about the .rhosts file. (oh well..newbie sys-adm make stupid mistake now and then :-) Coming back to security problem, have anyone encounter a cracker hacking a network thru the routers instead of the unix box? I mean all along we are talking about problem with unix..but what about routers itself? I briefly remember that it is possible to send a SNMP request to all routers and write to the config file of the router. Of course, this requires the router to be configured with write-enable thru SNMP request..but this seem to be the default configuration (at least on the cisco routers i play with). You can also read the config file, obtain the passwd file etc using similar method. Of course, there are some routers with secure SNMP implementation but for convience in network management, it seem it is not widely use..(or is it?) There are other security problem with routers i can think off. A cracker can run a script trying thousand of time to log into the router and the router dont even keep a log. :P Correct me if i am wrong..I am not really a network guy. Any comments or have anyone encounter such attack? James Seng Ching Hong ~{W/Uq:j~} Technet Student Consultant, Technet Unit Internet: jseng () solomon technet sg
Current thread:
- Re: Internet Worm, (continued)
- Re: Internet Worm Bennett Todd (Oct 17)
- PLEASE UNSUBSCRIBE Cpt Danger (Aug 20)
- PLEASE UNSUBSCRIBE ME Mike Roemmich x71633 - ESO (Oct 18)
- Re: Internet Worm Julian Assange (Oct 18)
- PLEASE UNSUBSCRIBE ME Mark McPherson (Oct 17)
- Re: Internet Worm Pat Myrto (Oct 17)
- Re: Internet Worm David Miller (Oct 17)
- PLEASE UNSUBSCRIBE Vatsal P. Sonecha (Oct 17)
- Re: Internet Worm Fred Kuhns (Oct 18)
- Internet Worm Source Code Michael S. Hines (Oct 17)
- rhosts (+ REQUEST SNMP bug) James Seng (Oct 17)
- Re: Internet Worm George Hodson (Oct 17)
- Re: Internet Worm Mark W. Eichin (Oct 18)
- Re: Internet Worm jim () Tadpole COM (Oct 18)
- Re: Internet Worm Icarus Sparry (Oct 18)
- Re: Internet Worm F. L. Charles Seeger III (Oct 18)
- Re: Internet Worm jim () Tadpole COM (Oct 18)
- Re: Internet Worm F. L. Charles Seeger III (Oct 19)
- Re: Internet Worm Darragh Nagle (Oct 19)
- Re: Internet Worm Gene Spafford (Oct 19)
- Re: Internet Worm jim () Tadpole COM (Oct 19)