
SSH with potato, not very secure?



Hi,

I installed potato three weeks ago, only adding debian-packages with
dselect and apt-get. I didn't add much either. The problem was that:

1) I noticed that somebody had logged in to my computer using my username.
I can't see how they could have discovered my password (7 letters,
containing both lower/upper case and numbers). According to "last" the
person only was in for 3 minutes, but I don't know what will show in last
and what will not, so he might have been there longer and more often for
all I know. I have never sent this password in clear text. (Like e-mail,
ftp, etc.) (He logged in as a regular user, not root.)

2) When inspecting /var/log/messages I noticed quite a lot of attempts to
send a buffer overflow (or something like that) on the port running
rpc.statd. Is there some security hole there I am not aware of? I have
removed portmap from init.d to make sure it is not started again. Are
there some other services I should be aware of?

3) I couldn't find any "obvious" back-doors, but that doesn't necessarily
mean that there were none, so to be on the safe side, I re-installed Linux,
and am now using SSH2.4 from www.ssh.com. Hopefully I won't have to do
this again. :-)

I am definitely going to install some sort of firewall, are there any
recommendations? ipchaining is not supported in my kernel as of now, so I
will compile a new kernel when I get the time. But, is there any
documentation available discussing recommendations regarding security? (I
am not paranoid, but would like it to be as hard as possible to get
unauthorized access to my computer)


Regards,
Runar


