[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: OpenSSH

From: "Paul W. Frields" <paul frields com>
To: Discussion of the Fedora Legacy Project <fedora-legacy-list redhat com>
Subject: Re: OpenSSH
Date: Tue, 03 Aug 2004 20:54:28 -0400

On Tue, 2004-08-03 at 19:01, Barry K. Nathan wrote:
> On Tue, Aug 03, 2004 at 05:42:51PM -0500, Jay Summers wrote:
> > Ditto there. I just sent a message today to one of my other user-lists 
> 
> You mean with sshd hanging, or just all the scans? (I've seen the latter
> but not the former.)
> 
> It's crackers looking for people who are dumb enough to create an
> account named "test" with password "test" (or "guest"/"guest") and leave
> it accessible to anyone on the 'Net. Once they get in, they use kernel
> exploits to get root (if you have users/admins this dumb, *this* is why you
> need to keep the kernel up to date!) and then they install a rootkit...
> 
> These people, whoever they are, are succeding in breaking into more
> systems than you'd expect... :|

For more info on SuckIT, the rootkit in question, you can check out some
info at, e.g.:

  http://www.incidents.org/diary.php?date=2004-07-23
  http://www.phrack.org/show.php?p=58&a=7
  http://www.broadbandreports.com/forum/remark,10854834

I've been getting these for some time now, and the admins I've bothered
to contact back have all confirmed they were hacked due to lazy security
protocols. Not a fair sampling technique but interesting nonetheless.

-- 
Paul W. Frields, RHCE

References:
- OpenSSH
  - From: Carwyn Edwards
- Re: OpenSSH
  - From: Mike Burger
- Re: OpenSSH
  - From: Jay Summers
- Re: OpenSSH
  - From: Barry K. Nathan

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]