Hi, I yesterday reported that I had a strange program linsniff on my server. To those who are interested the story: My server is one of plenty servers in a server farm. On one of the many machines a hacker managed to isntall a password sniffer that sniffed all plain text passwords on that network segment. >From there he managed to obtain passwords fro all the machines. The follwoing sniffers were dicovered up to now: linsniff popsniff ircsniff sunsniff ntsniff He replaced many functions such as ls and passwd to hide his presence. I could only see the sniffers with locate sniff. Lessons: ssh and ftp passwords must be different (It seems that is how he got into my system) Telnet is a no-no! Use chroot for ftp You're server is as unsecure as the sum of all the neigbouring servers un-secureness. therefore, the only real weapon against a hacker is BACKUPS! Regards Nico - To get out of this list, please send email to [EMAIL PROTECTED] with this text in its body: unsubscribe suse-linux-e Check out the SuSE-FAQ at http://www.suse.com/Support/Doku/FAQ/ and the archive at http://www.suse.com/Mailinglists/suse-linux-e/index.html
