- TalkBack 10 of 14:
- Next »
- « Previous
- Thread View
- Flat View
- Pretty suspect scenario
-
The Linux admin made a SSH hole in the firewall for remote working. Some hacker in Romania with IPScan found the hole (scanning the internet), and bruteforced a weak password.
(very simple script will do this)
OK, the Linux admin was smart enough to figure out how to create a hole in the firewall after getting ssh server working, but left a "weak password". Likely, no, possible yes.
The hacker then downloaded and installed a rootkit.(there are hundreds of these available for download).
This allowed the hacker to trade up to root.
You need to be root to install a rootkit, but after the rootkit was installed, they used this to "trade up" to root. Which came first, the ability to become root or installing the tool to become root.
A rootkit is a set of tools a cracker users ONCE they have become root. They therefore don't need a rootkit to trade up, they already have it.
Anyway, maybe you don't understand the actual circumstances surrounding the cracking of the box, or it is a Kaspery (sp?) proof of concept vulnerability?
Getting in through SSH with easy password, possible, finding it and attacking it over all the others, unlikely, getting in and as non root finding a local exploit to escalate to root, getting more and more unlikely. I think it was either an inside job, or ssh as root was allowed and the password was weak.
TripleII - Posted by: TripleII Posted on: 12/13/06 You are currently: a Guest | Members login | Terms of Use
Casting a suspicious eye
Chad_z | 07/24/06
|
exactly what they'd have to do with Windows
voska | 07/24/06
|
well our linux server just got hacked
stevey_d | 07/24/06
|
You know that what you said did not happen...
michael_t | 07/24/06
|
|
I'd say your being nieve
voska | 07/25/06
|
|
I am dissapointed, as I thought U could think a little prior to reply.
michael_t | 07/25/06
|
|
Not Linux' fault; admin/user to blame here
buran | 07/24/06
|
|
I find that running ssh on
swoopee | 07/25/06
|
|
Rootkit as unprivileged user? Unpatched machine.
4:2:2 | 07/25/06
|
|
Pretty suspect scenario
TripleII | 12/13/06
|
More "reasons" to switch to Vista 
michael_t | 07/24/06
|
|
yeah and still yet
not of this world | 07/24/06
|
|
I'd like to see them sue under the DMCA
buran | 07/24/06
|
|
RE: Beware of ransomware, firm warns
elt10@... | 08/14/08
|
What do you think?
SponsoredWhite Papers, Webcasts, and Downloads
- Five Steps to Determine When to Virtualize YourServers VMware Server virtualization isn't just for big companies. Entry-level ... Download Now
- Why Isn't Server Virtualization Saving Us More? A Few Small Changes May Dramatically Increase Your Efficiency VMware Companies have rapidly adopted server virtualization over the past few ... Download Now
- Reducing Server Total Cost of Ownership with VMware Virtualization Software VMware VMware virtualization enables customers to reduce their server TCO and ... Download Now
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
- Keep Up With The Latest In Document Management with The DocuMentor.
-
Doc delivers the scoop on today's enterprise content management, printer maintenance, and all other issues related to document management. It's the DocuMentor Blog.
- Learn more >>
- New Online Dashboard for IT Leaders
-
Read about top issues IT decision-makers face every day, plus get cost-effective solutions to real-life IT problems.
- Learn more >>
- The best support in the Linux business
-
If Linux is going to power your mission-critical applications, you'd better have the best support known to business. Novell was rated the top provider of Linux technical support.
- Learn more >>
- Learn more about tools to grow your business
-
The Business Essentials Guide provides you useful tools and templates to help grow your business and save you time with automated shipping solutions.
- Save time with the UPS Business Essentials Guide
- Microsoft Dynamics CRM Online - Free Six-Month Trial for Eligible Organizations
-
Microsoft Dynamics CRM Online provides fast online access, simple contact management and better sales performance for a low monthly cost - the best value on the market today.
- Learn more about the free, six-month trial offer>>
Meet Doc
-
-
Here to help you with your Document Management Needs
- Check out Doc’s Blog on ZDNet
- Help your company, help the earth I want to share with you the Environmental Defense Fund Paper Calculator, which allows you to gauge your organization's environmental impact.
- Which is Greener: Paper or Digital? The Answer May Surprise You Anything we can do to reduce paper consumption is good. But what about the impact of digital waste?
-
Produced by
ZDNet and -
