Full Disclosure mailing list archives
Re: !SPAM! Automated ssh scanning
From: Ron DuFresne <dufresne () winternet com>
Date: Thu, 26 Aug 2004 18:43:48 -0500 (CDT)
On Thu, 26 Aug 2004, Jan Luehr wrote:
Greetings, Am Donnerstag, 26. August 2004 16:43 schrieb Ron DuFresne:On Thu, 26 Aug 2004, Richard Verwayen wrote:On Thu, 2004-08-26 at 15:12, Todd Towles wrote:The kernel could be save. But with weak passwords, you are toast. Any automated tool would test guest/guest.Hello Todd! You are right about the passwords, but guest is only a unprivileged account as you may have on many prodruction machines. But they managed to become root on this machine due to a kernel(?) exploit! Should I then consider any woody system to be insecure to let people work at?If your uasers are not trustable, then they should not have access to local systems of yours. Once a person has a shell, then they are 95% to root.So your point is, there a much already known local root exploits on an standard woody system no one cares about?
I'm quite sure the debian folks as well as the other dist maintainers would be as interested as the offending package maintainers in finding out the what, where and how of the compromise, to mitigates its direct threats in the future. Will this make a fullblown installed *nix of any real flavor secure from a similiar comprise hours, day or weeks in the future? Highly unlikely. No, my point is that it is much more likely there is a package installed that was sploited. If the system was as up to date and fully patched as claimed, it's likely not a kernel sploit that got them root. My point is this was a 'local user' compromise. There are reasons that many list 75% and more risk is done from the 'inside' then from remote roots. Folks do not seem to understand the implications of 'guest' accounts, or handing out shells to every person they happen to chat with in IRC and such. Thanks, Ron DuFresne ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: !SPAM! Automated ssh scanning Todd Towles (Aug 26)
- RE: !SPAM! Automated ssh scanning Richard Verwayen (Aug 26)
- RE: !SPAM! Automated ssh scanning Ron DuFresne (Aug 26)
- Re: !SPAM! Automated ssh scanning Tremaine (Aug 26)
- Re: !SPAM! Automated ssh scanning Richard Verwayen (Aug 26)
- Re: !SPAM! Automated ssh scanning Jan Luehr (Aug 26)
- RE: !SPAM! Automated ssh scanning Ron DuFresne (Aug 26)
- Re: !SPAM! Automated ssh scanning Barry Fitzgerald (Aug 26)
- Re: !SPAM! Automated ssh scanning Ron DuFresne (Aug 26)
- RE: !SPAM! Automated ssh scanning Richard Verwayen (Aug 26)
- Re: !SPAM! Automated ssh scanning Jan Luehr (Aug 26)
- Re: !SPAM! Automated ssh scanning Ron DuFresne (Aug 26)
- Re Automated ssh scanning Mister Coffee (Aug 26)
- <Possible follow-ups>
- RE: !SPAM! Automated ssh scanning Todd Towles (Aug 26)
- RE: !SPAM! Automated ssh scanning Stephen Agar (Aug 26)
- RE: !SPAM! Automated ssh scanning Ron DuFresne (Aug 26)
- Re: !SPAM! Automated ssh scanning Tremaine (Aug 26)
- Re: !SPAM! Automated ssh scanning Richard Verwayen (Aug 26)
- Re: Automated ssh scanning Matt Zimmerman (Aug 26)
- Re: !SPAM! Automated ssh scanning sec-focus (Aug 26)
- Re: !SPAM! Automated ssh scanning andreas (Aug 27)
- RE: !SPAM! Automated ssh scanning Ron DuFresne (Aug 26)