rootkit

Jay Nugent jjn
Mon May 17 12:02:16 PDT 2004


Greetings,

On Wed, 12 May 2004, Net Llama! wrote:

> On Wed, 12 May 2004, M.W. Chang wrote:
> >
> > How did rootkit get into a linux box usually? Via a poorly secured
> > telnet? You cannot install a program into a linux server without shell
> > access, right? (unless there are bugs in the daemons providing services)
> 
> 'poorly secured telnet' is an oxymoron.  there is no secure telnet.  it is
> insecure by design.

   As is FTP  -  passwords sent in the clear every time a customer uploads 
                 new content to his/her webpage.

   As is POP3  -  passwords sent in the clear as customers pop their email 
                  every 5-10 minutes.

   And both of those protocols get used *far* more often per day than any 
telnet sessions (at least amongst my 100+ shell and web customers).

   As for breakins, I've suffered them via SSH (gee, who'd thought!) a
couple years ago - and ftp, and bind many many years ago.  NEVER has
anyone gotten in via telnet.

   Watch for password sniffers on your broadcast media (ethernet).  Also
keep the MicroShit boxes (if you have to have any) on their own private
subnet on a different ethernet segment than your 'trusted' machines.  If
the passwords don't get sniffed, you don't stand much chance of getting
hacked via the "less" secure FTP/POP/TELNET sessions.

      --- Jay
             
"Those that sacrifice essential liberty to obtain a little temporary safety
 deserve neither liberty nor safety."  -- Ben Franklin (1759) 
+------------------------------------------------------------------------+
| Jay Nugent   jjn at nuge.com    (734)484-5105    (734)544-4326/Fax        |
| Nugent Telecommunications  [www.nuge.com]     (734)649-0850/Cell       |
|   Internet Consulting/Linux SysAdmin/Engineering & Design/ISP Reseller |
| ISP Monitoring [www.ispmonitor.net] ISP & Modem Performance Monitoring |
| Web-Pegasus    [www.webpegasus.com] Web Hosting/DNS Hosting/Shell Accts|
| LinuxNIC, Inc. [www.linuxnic.net]   Registrar of the .linux TLD        |
+------------------------------------------------------------------------+
  2:01pm  up 238 days,  6:49,  5 users,  load average: 0.20, 0.23, 0.17
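
One way to act on the advice above about watching for sniffers, as an added example that is not part of the original message: a shell check that lists network interfaces on the local Linux host with the promiscuous flag set. It assumes the sysfs layout `/sys/class/net/<iface>/flags`; the function names are illustrative.

```shell
#!/bin/sh
# Added example: report interfaces whose IFF_PROMISC bit is set.
# Reads <root>/<iface>/flags; root defaults to /sys/class/net on Linux.

IFF_PROMISC=256   # 0x100, as defined in <linux/if.h>

# is_promisc FLAGS
# Exit 0 if the promiscuous bit is set in FLAGS (hex such as 0x1103),
# exit 1 if it is clear, exit 2 if FLAGS is not a number.
is_promisc() {
    flags=$(printf '%d' "$1" 2>/dev/null) || return 2
    [ $(( flags & IFF_PROMISC )) -ne 0 ]
}

# promisc_ifaces [ROOT]
# Print the name of every interface under ROOT that is in promiscuous mode,
# one per line. Unreadable or empty flags files are skipped.
promisc_ifaces() {
    root=${1:-/sys/class/net}
    for f in "$root"/*/flags; do
        [ -r "$f" ] || continue
        iface=$(basename "$(dirname "$f")")
        read -r val < "$f" || continue
        if is_promisc "$val"; then
            printf '%s\n' "$iface"
        fi
    done
}

# Run against the live system (or a directory given as the first argument).
promisc_ifaces "$@"
```

This only covers the host it runs on, and a kernel-level rootkit can hide the flag, so an empty result is not proof that nothing is listening on the segment.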



