Security Incidents mailing list archives
Re: RedHat compromise
From: Jose Nazario <jose () BIOCSERVER BIOC CWRU EDU>
Date: Tue, 20 Feb 2001 13:36:05 -0500
On Tue, 20 Feb 2001, Johan.Augustsson wrote:
> Telnet!? Are you out of your mind? The intruder might use the cracked box as a sniffer and then you try to telnet to it? Use SSH and do not use telnet for any other systems in the same physical network as the cracked computer.
one overlooked possibility is that if they have root on the box you're on already, they can easily intercept system calls and reassemble your ssh stream. in fact, a tool exists to do this: sshsniff. all you need is one side of the connection, and attach yourself to the process.

____________________________
jose nazario jose () cwru edu
PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
PGP key ID 0xFD37F4E5 (pgp.mit.edu)
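
Added example, not part of the original post: a detection sketch for the process-attach case described above, flagging ssh/sshd processes whose Linux `/proc/<pid>/status` shows a non-zero `TracerPid`. The sample status text is constructed, the function names are this example's own, and the result is only meaningful on a host whose kernel and tools are still trusted, since an intruder with root can hide the tracer.

```python
import os

WATCHED = {"ssh", "sshd"}  # process names whose tracing is worth an alert

def parse_status(text):
    """Turn the 'Key:<tab>value' lines of /proc/<pid>/status into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def traced_ssh(statuses):
    """statuses: {pid: status text}. Return [(pid, name, tracer_pid, tracer_name)]."""
    parsed = {pid: parse_status(t) for pid, t in statuses.items()}
    hits = []
    for pid, f in sorted(parsed.items()):
        tracer = int(f.get("TracerPid", "0") or 0)
        if f.get("Name") in WATCHED and tracer != 0:
            # "?" means the tracer is not visible in the snapshot (exited or hidden).
            tracer_name = parsed.get(tracer, {}).get("Name", "?")
            hits.append((pid, f["Name"], tracer, tracer_name))
    return hits

def read_proc(root="/proc"):
    """Collect status text for every numeric directory under /proc."""
    out = {}
    for entry in os.listdir(root):
        if entry.isdigit():
            try:
                with open(os.path.join(root, entry, "status")) as fh:
                    out[int(entry)] = fh.read()
            except OSError:
                continue  # process exited between listdir and open
    return out

# Constructed sample: an idle sshd, an ssh client with a tracer attached, the tracer.
SAMPLE = {
    811: "Name:\tsshd\nState:\tS (sleeping)\nPid:\t811\nTracerPid:\t0\n",
    1402: "Name:\tssh\nState:\tt (tracing stop)\nPid:\t1402\nTracerPid:\t1377\n",
    1377: "Name:\tstrace\nState:\tS (sleeping)\nPid:\t1377\nTracerPid:\t0\n",
}

if __name__ == "__main__":
    source = read_proc() if os.path.isdir("/proc/self") else SAMPLE
    for pid, name, tpid, tname in traced_ssh(source):
        print(f"ALERT {name}[{pid}] is traced by {tname}[{tpid}]")
```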