On 26 Feb, [EMAIL PROTECTED] wrote:
>
> Hi,
>
> I yesterday reported that I had a strange program linsniff on my
> server.
>
> To those who are interested the story:
>
> My server is one of plenty servers in a server farm. On one of the
> many machines a hacker managed to isntall a password sniffer
> that sniffed all plain text passwords on that network segment.
>
>>From there he managed to obtain passwords fro all the machines.
>
> The follwoing sniffers were dicovered up to now:
>
> linsniff
> popsniff
> ircsniff
> sunsniff
> ntsniff
>
> He replaced many functions such as ls and passwd to hide his
> presence. I could only see the sniffers with locate sniff.
>
> Lessons: ssh and ftp passwords must be different (It seems that
> is how he got into my system)
> Telnet is a no-no!
> Use chroot for ftp
>
> You're server is as unsecure as the sum of all the neigbouring
> servers un-secureness.
>
> therefore, the only real weapon against a hacker is BACKUPS!
> Regards
>
> Nico
Dear Nico,
As a secure replacement for ftp I am using scp. It rides on ssh, and I
guess is distributed with it as well.
Best regards, Alex.
--
Dr. Alexander Angerhofer
Associate Professor of Chemistry
Department of Chemistry
The University of Florida
Box 117200
Gainesville, FL 32611-7200
USA
Tel.: (+1) 352 846 3281
alt.: (+1) 352 392 9489
lab : (+1) 352 846 3283
FAX : (+1) 352 392 0872
-
To get out of this list, please send email to [EMAIL PROTECTED] with
this text in its body: unsubscribe suse-linux-e
Check out the SuSE-FAQ at http://www.suse.com/Support/Doku/FAQ/ and the
archive at http://www.suse.com/Mailinglists/suse-linux-e/index.html
