security

Frank J. Carmickle frankiec at braille.uwo.ca
Mon Nov 6 11:12:16 EST 2000


No, I actually meant smbd2, not smbd.  I know the OS pretty well by this
point.  I know how to make it pretty secure.  It's just that someone
hacked in and set up a service called smbd2, thinking that they could pass
it off as smbd in the eyes of the sysadmin.  They set it up to run on port
22, which happens to be ssh.  Oh well, they haven't been around after we
tightened up more of the box, as well as increased the logging of
activities.

Frank


On Sun, 5 Nov 2000, Victor Tsaran wrote:

> SMBD, do you mean SAMBA server daemon? This is another interesting point.
> People should shut down services they don't use, for example, routed or
> gateway or NIS or SMBD. Because Linux is intended to be used on multiuser
> networks, a lot of these services are installed by default and are initiated
> by default. Learn your OS before you use it!
> Vic
>
> ******* ******* *******
> have you thought of visiting Cybertsar's Internet Kingdom? It is still
> alive!
> Here is the URL:
> http://go.to/vtsaran
> or
> http://kickme.to/vtsaran
>
> ******* ******* *******
> ----- Original Message -----
> From: "Frank J. Carmickle" <frankiec at braille.uwo.ca>
> To: "Kirk Wood" <cpt.kirk at 1tree.net>
> Cc: <speakup at braille.uwo.ca>
> Sent: Monday, October 30, 2000 7:11 AM
> Subject: Re: security
>
>
> > This is very true.  Shawn calls me up at 12:00 am saying that sshd is
> > running but he can't get any connections on port 22.  Tcpdump on port 22
> > revealed some traffic.  Searching through inetd revealed some crazy service
> > called smbd2 which spawned a shell as root.  This all happened after the
> > machine mysteriously rebooted.
> >
> > Fun!
> > FC
> >
> >
> > On Mon, 30 Oct 2000, Kirk Wood wrote:
> >
> > > You should look for any connections from IP addresses you don't
> > > recognize. While this would be harder for a production system, on a home
> > > system it shouldn't be too tough. I would pay particular attention to
> > > ftp connections (if you have the service available).
> > >
> > > As for everything you can look for, that fills books and employs
> > > professionals all with their own opinion. And just so you know, if you
> > > have a full time connection and find one day you can't log into your own
> > > machine, turn it off. I have a friend who thought something had just
> > > gone wrong and needed fixed. Turns out his system had been compromised.
> > > If in doubt shut down and remove it from the net.
> > >
> > > =======
> > > Kirk Wood
> > > Cpt.Kirk at 1tree.net
> > >
> > >
> > >
> > > _______________________________________________
> > > Speakup mailing list
> > > Speakup at braille.uwo.ca
> > > http://speech.braille.uwo.ca/mailman/listinfo/speakup
> > >
>
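
An added example, not part of the original thread: one way to audit inetd.conf for the kind of entry described above, a look-alike service (smbd2) bound to the ssh port and spawning a shell as root. The sample file contents, the function names, and the idea that the port was claimed through an extra services-file entry are assumptions made for illustration; the classic seven-field inetd.conf layout is assumed.

```python
import re
SHELLS = {"sh", "bash", "csh", "tcsh", "ksh", "zsh", "ash"}

# Constructed sample data modelled on the thread; the real files are not on the page.
SAMPLE_SERVICES = """\
ftp      21/tcp
ssh      22/tcp
telnet   23/tcp
smbd2    22/tcp     # constructed: rogue alias for the ssh port
"""
SAMPLE_INETD = """\
# service  socket  proto  wait    user  server           args
ftp        stream  tcp    nowait  root  /usr/sbin/tcpd   in.ftpd -l
#telnet    stream  tcp    nowait  root  /usr/sbin/tcpd   in.telnetd
smbd2      stream  tcp    nowait  root  /bin/sh          sh
"""

def parse_services(text):
    """Map service name -> 'port/proto' from /etc/services-style text."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and re.fullmatch(r"\d+/(tcp|udp)", fields[1]):
            table[fields[0]] = fields[1]
    return table

def audit_inetd(inetd_text, services_text):
    """Return (service, reason) findings for active inetd.conf entries."""
    services = parse_services(services_text)
    findings = []
    for line in inetd_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 6:
            continue  # blank, commented out, or malformed
        name, user, server = fields[0], fields[4], fields[5]
        port = services.get(name)
        if port is None:
            findings.append((name, "service name not in services file"))
        else:
            shared = sorted(n for n, p in services.items() if p == port and n != name)
            if shared:
                findings.append((name, f"shares {port} with {', '.join(shared)}"))
        if re.split(r"[.:]", user)[0] == "root" and server.rsplit("/", 1)[-1] in SHELLS:
            findings.append((name, f"runs {server} as root"))
    return findings

if __name__ == "__main__":
    for name, reason in audit_inetd(SAMPLE_INETD, SAMPLE_SERVICES):
        print(f"{name}: {reason}")
```

On a real host, pass the contents of /etc/inetd.conf and /etc/services instead of the constructed samples.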




