[1744] in SIPB_Linux_Development
Linux break-ins
daemon@ATHENA.MIT.EDU (Erik Nygren)
Sun Aug 3 21:51:31 1997
To: linux-dev@MIT.EDU, net-security@MIT.EDU
Cc: katyking@MIT.EDU, mhbraun@MIT.EDU
Date: Sun, 03 Aug 1997 21:51:17 EDT
From: Erik Nygren <nygren@MIT.EDU>
Over the past few weeks, I've heard reports of a number of break-ins
to Linux machines on campus. This is a substantial increase over
break-in reports I've heard of in any previous period.

The pattern seems to be:
* User logs in insecurely over the net
* Someone logs in using the sniffed password as the user
* I'd guess that the attacker then tried to get root
  access using some security holes
* Once root access is obtained, a sniffer is installed
* Iterate

I haven't seen any evidence of anything other than the first through
stages (I've only had one attacked machine to look at and I couldn't
find anything suspicious).

We may want to try collecting statistics and mounting a campaign to
find out what security holes are being exploited. We should
also do more to educate users about the dangers of sending their
password over the net in the clear.

Erik