LINUX.IE, website of the Irish Linux Users' Group
Tux rules!

   
Home
New Users
Articles
Download
Projects
Community
Vendors

  Print Version
Email to...
 
Archives:


planetILUG

Recent News

News Archive


Join the
ILUG
on FaceBook


Join the
ILUG
on LinkedIn


Join the
ILUG SETI
Group



















 
 :: Mailing Lists

[ILUG] debian boxes rooted.

[ILUG] debian boxes rooted.

Greg Farrell greg at gregfarrell.org
Wed Sep 22 09:35:16 IST 2004 

Hi Justin,

> There is currently a worm going around that automates just this, BTW --
> see ILUG traffic a month or 2 ago.   It launches a brute-force dictionary
> attack on remote SSH servers, attempting several (sadly) common combos:
Yeah google showed me this worm before I did my OP. But it doesn't seem
to fit the MO.

> A fully-patched-up-to-date box will certainly be vulnerable to this, if
> you had any of those accounts set up with those passwords ;)

Heh. Nope there is only my account, root and cygnus with passwords on my
personal server. All of which i generated and they're 8 character
passwords randomly generated with a combination of letters,numbers and
symbols. I know they could be brute forced eventually but how many
hundreds of thousands of attempts would it take and OpenSSH has
restrictions on the rate you can send in passwords.

John the ripper has been running on my password file for 8 hours now
with none of them broken - admittedly it's not a hugely powerful
machine. It's a UML VM on a dual cpu xeon machine but shared with about
15 other usually light cpu usage VMs (when needed it can usually get the
majority of the hosts cpu cycles).

In reply to Stephs question both boxes are running debian kernels but I
thought you'd need a local account before you can use a kernel exploit?

In support of the idea that is was a password/key stolen or key logged
somewhere both boxes had normal users cracked. Users who don't run any
services. Not the same user on both boxes though, and the user account
cracked on our work box is nothing to do with me, so I'm having trouble
seeing the link unforunately.

   Greg

More information about the ILUG mailing list
Read this without the formatting.
                                                                                                    

  

Hosted by HEAnet


 Maintained by the ILUG website team. The aim of Linux.ie is to support and help commercial and private users of Linux in Ireland. You can display ILUG news in your own webpages, read backend information to find out how. Networking services kindly provided by HEAnet, server kindly donated by Dell. Linux is a trademark of Linus Torvalds, used with permission. No penguins were harmed in the production or maintenance of this highly praised website. Looking for the Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
RSS Version
Powered by Dell