The sad reality is that it is almost impossible to secure any standard PC against an attack by somebody who has physical access to it. In the immediate example, far easier than cracking root's password on the floppy would be substituting a fresh /etc/shadow file in etc.lrp (or even supplying a completely fresh etc.lrp package).
In general, the best way to fight "brute force" password crackers is to pick hard-to-guess passwords ... good, unpatterned ones of the sort that all the references recommend.
At 03:39 PM 3/10/2003 -0600, Lynn Avants wrote:
On Monday 10 March 2003 02:51 pm, Heriberto H�hlke wrote: > Hello > > I usually open .lrp files with Winzip81 in Windows 98, renaming them to > *.tgz, except initrd.lrp, that can't be opened. I would like to protect the > password file of etc.lrp from been cracked with Brute Force crackers like > John The Ripper. > Is there a way for backing up the .lrp files, so they cannot be opened (as > initrd.lrp), except from inside the Bering box, and of course knowing the > root password?
How would anyone be able to crack your password file without logging in as 'root'? Really the only security concerns to the outside you would have would be dependant on opening http/ftp/etc... services open to the internet and running on the router itself. If this is a large concern of yours, I would suggest moving these services off the router and into a DMZ. -- ~Lynn Avants Linux Embedded Appliance Firewall Developer http://leaf.sourceforge.net
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
