On Thu, 22 Jul 2004 17:42:53 -0500, Paul Stolp <[EMAIL PROTECTED]> wrote:
> ./t
> ./h2
> rm -rf h2
> k;./brk
Has anyone grabbed these and checked to see what's inside them?
--
Jon Dowland
[EMAIL PROTECTED]
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Troubl
Greg Folkert wrote:
Apparently, the best is to replace crypt based passwords with RSA
based, and use longer passwords.
Actually, best actual reasonable password is: to not use one
I've noticed that using Debian without a root password requires some work.
I'm comfortable in _my_ circumstance
On Thursday 22 July 2004 17:42, Paul Stolp wrote:
> See what a weak password will get ya?
No. I do, however, see what allowing password logins to an SSH server will
get you. I could set my password to "foo" and you still aren't getting in
without my RSA key (or Kerberos
Hi,
I haven't caught the start of this thread, but how can you be sure your
core utilities have not been altered?
Do you have a record of how they looked before the crack (a backup, MD5 sums
etc., AIDE, Tripwire database)? IMO, you would really need to examine
those binaries on another box against a k
* Monique Y. Mudama <[EMAIL PROTECTED]> [2004-07-23 00:04]:
> I'd add the suggestion to not use obvious usernames like "guest" ...
agree -- I will prob. replace this account name
>
> Btw, are you 100% sure they never managed to root you and replace some
> of your files?
I wasn't 100% sure I w
Frank Gevaerts <[EMAIL PROTECTED]> said on Fri, 23 Jul 2004 10:44:34 +0200:
> On Thu, Jul 22, 2004 at 07:24:01PM -0700, Scarletdown wrote:
> > I second that recommendation. I always prefer to have passwords with
> > the following features:
> >
> > Minimum of 8 characters
> > At least 1 capital l
On Thu, Jul 22, 2004 at 07:24:01PM -0700, Scarletdown wrote:
> I second that recommendation. I always prefer to have passwords with
> the following features:
>
> Minimum of 8 characters
> At least 1 capital letter
> At least 1 lower case letter
> At least 1 number
> At least 1 special character
On Fri, 23 Jul 2004 00:04:53 -0400
charlie derr <[EMAIL PROTECTED]> wrote:
> Paul Stolp wrote:
> > * dircha <[EMAIL PROTECTED]> [2004-07-22 21:48]:
> >
> >>Scarletdown wrote:
> >>
> >>>|< == K
> >>>
> >>>>< == X
> >>>
> >>>|> == P
> >>>
> >>>Anyone else care to add to this little list?
> >>
> >>
on Thu, Jul 22, 2004 at 11:02:11PM -0700, Karsten M. Self ([EMAIL PROTECTED]) wrote:
> on Thu, Jul 22, 2004 at 07:24:01PM -0700, Scarletdown ([EMAIL PROTECTED]) wrote:
> > Paul Stolp wrote:
> > I second that recommendation. I always prefer to have passwords with
> > the following features:
> >
Quoting "s. keeling" <[EMAIL PROTECTED]>:
> Incoming from Scarletdown:
> >
> > An example of a good password (though since I'm posting it here, it can
> > no longer be considered good) is:
> >
> > [EMAIL PROTECTED]
>
> I disagree. A cracking program is going to attempt to match
> permutations of
on Thu, Jul 22, 2004 at 07:24:01PM -0700, Scarletdown ([EMAIL PROTECTED]) wrote:
> Paul Stolp wrote:
> >I checked in on some bittorrent progress today at lunch, noticed my
> >I'm not sure the July 19 log snippet is related, but seems likely.
> >Anyways, I've re-downloaded the files the attacker use
On Thu, 22 Jul 2004, s. keeling wrote:
> Incoming from Alvin Oga:
> >
> > - and hopefully, they don't have the passwd file from /etc/shadow
> > to compare against
>
> Agreed. Once they're in, all bets are off.
best to assume they are already in and sniffing .. 24x7 and work knowing
Incoming from Alvin Oga:
>
> - and hopefully, they don't have the passwd file from /etc/shadow
> to compare against
Agreed. Once they're in, all bets are off. Why bother to crack if
you can sniff?
--
Any technology distinguishable from magic is insufficiently advanced.
(*)
On Thu, 22 Jul 2004, s. keeling wrote:
> > > I disagree. A cracking program is going to attempt to match
> > > permutations of dictionary words. This will not add much more time to
...
how fast can a cracking system go thru dictionary words that are misspelled
with various digits and special
Mathieu Ducharme <[EMAIL PROTECTED]> said on Thu, 22 Jul 2004 23:33:48 -0400:
> I'm pretty sure dictionary attack also look for this. (?)
>
> Use other characters that will make the word absolutely not dictionary-related
>
> x[([EMAIL PROTECTED])~(w0rD)]x
>
> Still as easy to remember (longer to
On 2004-07-22, Paul Stolp penned:
>
> Anyways, I've re-downloaded the files the attacker used and removed
> (for posterity.) I changed all passwords, IP Address, I found the
> evidence at about 12:24. Just wanted to share the need for strong
> passwords.
I'd add the suggestion to not use obvious
On Thu, 2004-07-22 at 22:59, s. keeling wrote:
> Incoming from Scarletdown:
> >
> > An example of a good password (though since I'm posting it here, it can
> > no longer be considered good) is:
> >
> > [EMAIL PROTECTED]
>
> I disagree. A cracking program is going to attempt to match
> permutat
Incoming from Paul Stolp:
> * s. keeling <[EMAIL PROTECTED]> [2004-07-22 22:03]:
> > Incoming from Paul Stolp:
> > > look for damage, whew, I was O.K. -- I'm sure it helps to be up to date
> > ...
> >
> > How did you manage to verify that? Are you running chkrootki
Paul Stolp wrote:
* dircha <[EMAIL PROTECTED]> [2004-07-22 21:48]:
Scarletdown wrote:
|< == K
>< == X
|> == P
Anyone else care to add to this little list?
0 == O
$ == S
|-| == H
|_| == U
|_ == L
\/\/ == W
/\/\ == M
|V| == M
|\| == N
|-o-| == tie fighter
{-o-} == tie interceptor
Good plan, I need t
* Chris Metzler <[EMAIL PROTECTED]> [2004-07-22 22:18]:
> On Thu, 22 Jul 2004 17:42:53 -0500
> Paul Stolp <[EMAIL PROTECTED]> wrote:
> >
> > shutdown -h now !
>
> Believe it or not, this is often a bad idea. It's often easier to
> determine the scope of a compromise by watching the intruder for a
* s. keeling <[EMAIL PROTECTED]> [2004-07-22 22:03]:
> Incoming from Paul Stolp:
> > I checked in on some bittorrent progress today at lunch, noticed my
> > process monitor showing full activity. Ran top, saw user "guest" logged
> > on, running 4 instances of a program named "t", and short term loa
* dircha <[EMAIL PROTECTED]> [2004-07-22 21:48]:
> Scarletdown wrote:
> >|< == K
> > >< == X
> >|> == P
> >
> >Anyone else care to add to this little list?
>
> 0 == O
> $ == S
> |-| == H
> |_| == U
> |_ == L
> \/\/ == W
> /\/\ == M
> |V| == M
> |\| == N
> |-o-| == tie fighter
> {-o-} == tie inter
Incoming from Mathieu Ducharme:
> On July 22, 2004 10:59 pm, s. keeling wrote:
> > Incoming from Scarletdown:
> > > An example of a good password (though since I'm posting it here, it can
> > > no longer be considered good) is:
> > >
> > > [EMAIL PROTECTED]
> >
> > I disagree. A cracking program i
On July 22, 2004 10:59 pm, s. keeling wrote:
> Incoming from Scarletdown:
> > An example of a good password (though since I'm posting it here, it can
> > no longer be considered good) is:
> >
> > [EMAIL PROTECTED]
>
> I disagree. A cracking program is
On Thu, 22 Jul 2004 17:42:53 -0500
Paul Stolp <[EMAIL PROTECTED]> wrote:
>
> I checked in on some bittorrent progress today at lunch, noticed my
> process monitor showing full activity. Ran top, saw user "guest" logged
> on, running 4 instances of a program named "t", and short term load
> average
Incoming from Scarletdown:
>
> An example of a good password (though since I'm posting it here, it can
> no longer be considered good) is:
>
> [EMAIL PROTECTED]
I disagree. A cracking program is going to attempt to match
permutations of dictionary words. This will not add much more time to
re
Incoming from Paul Stolp:
> I checked in on some bittorrent progress today at lunch, noticed my
> process monitor showing full activity. Ran top, saw user "guest" logged
> on, running 4 instances of a program named "t", and short term load
> average over 4. AAGGGHHH!
> shutdown -h now !
> pull
Scarletdown wrote:
|< == K
>< == X
|> == P
Anyone else care to add to this little list?
0 == O
$ == S
|-| == H
|_| == U
|_ == L
\/\/ == W
/\/\ == M
|V| == M
|\| == N
|-o-| == tie fighter
{-o-} == tie interceptor
8~~
?
8-)
...
!
--dircha
Paul Stolp wrote:
I checked in on some bittorrent progress today at lunch, noticed my
I'm not sure the July 19 log snippet is related, but seems likely.
Anyways, I've re-downloaded the files the attacker used and removed (for
posterity.)
I changed all passwords, IP Address, I found the evidence at
I checked in on some bittorrent progress today at lunch, noticed my
process monitor showing full activity. Ran top, saw user "guest" logged
on, running 4 instances of a program named "t", and short term load
average over 4. AAGGGHHH!
shutdown -h now !
pull network cable
reboot
look for damage,
30 matches