
Re: SSH with potato, not very secure?



Hi,

On Thu, 1 Mar 2001, Runar Bell wrote:

> Hi,
> 
> I installed potato three weeks ago, only adding debian-packages with
> dselect and apt-get. I didn't add much either. The problem was that:

Did you put security.debian.org in /etc/apt/sources.list ?

 
> 1) I noticed that somebody had logged in to my computer using my username.
> I can't see how they could have discovered my password (7 letters,
> containing both lower/upper case and numbers). According to "last" the
> person only was in for 3 minutes, but I don't know what will show in last
> and what will not, so he might have been there longer and more often for
> all I know. I have never sent this password in clear text. (Like e-mail,
> ftp, etc.) (He logged in as a regular user, not root.)
> 
> 2) When inspecting /var/log/messages I noticed quite a lot of attempts to
> send a buffer overflow (or something like that) on the port running
> rpc.statd. Is there some security hole there I am not aware of? I have
> removed portmap from init.d to make sure it is not started again. Are
> there some other services I should be aware of?

This is probably the same bug the Ramen worm is using; if your system is
up to date, Debian is not vulnerable.
 
> 3) I couldn't find any "obvious" back-doors, but that doesn't necessarily
> mean that there were none, so be on the safe side, I re-installed linux,
> and am now using SSH2.4 from www.ssh.com. Hopefully I won't have to do
> this again. :-)

Use OpenSSH; open source leads to more secure systems and I believe it has
fewer security bugs. (Just keep updated.)

> I am definitely going to install some sort of firewall, are there any
> recommendations? ipchaining is not supported in my kernel as of now, so I
> will compile a new kernel when I get the time. But, are there any
> documentation available discussing recommendations regarding security? (I
> am not paranoid, but would like it to be as hard as possible to get
> unauthorized access to my computer)

Take a look at http://www.debian.org/doc/manuals/securing-debian-howto/

A firewall is best run on a separate box, with only essential services and
a limited command set (e.g. no gcc, no suid binaries, etc.). Using odd
(alpha, ppc, m68k) hardware also helps a little since most script kiddies
don't know what they are doing and their toolkits are based on Intel.

Coming to this point, I have some questions as well.
I wish to use an alpha-udb (noname) as a masq/firewall, running from
ramdisk and bootp (they took the 2.5" SCSI drive :( ). I got it set up,
booting from SRM and all, but the memory is limited to only 16 MB.
It needs sshd, pptp, pppd, ipchains or netfilter (2.2.x or 2.4.x).
So how to build this stuff with minimal space requirements, what to link
statically/dynamically, how to get an only-essential libc (current = 2.8 MB)?

Is it possible at all or should I use an NFS / 2.8 MB floppy root?

Any pointers to docs on this?

[RicV]
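Two of the checks suggested in this reply (is security.debian.org actually in sources.list, and which setuid/setgid binaries are on the box that should carry "no suid binaries") can be scripted. The following is an added example, not code from the thread or from Debian; the function names, the `--audit` switch and the sample sources.list lines are my own constructions, and the `potato/updates` line is only an illustration of the format, not a statement of what the archive served.

```shell
#!/bin/sh
# Added example (not from the original thread): two small checks that follow
# the advice above. Paths are passed as arguments so the same functions can be
# pointed at a constructed test tree as well as at a live system.

# has_security_source FILE
# Returns 0 if FILE contains an active (uncommented) "deb" line that points at
# security.debian.org, 1 otherwise. A commented-out line does not count.
has_security_source() {
    grep -Eq '^[[:space:]]*deb[[:space:]].*security\.debian\.org' "$1" 2>/dev/null
}

# list_suid ROOT
# Prints every regular file under ROOT (without crossing filesystems) that has
# the setuid or setgid bit set, one per line, sorted so two runs can be diffed.
list_suid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# count_suid ROOT
# Number of setuid/setgid files under ROOT, as a bare integer.
count_suid() {
    list_suid "$1" | wc -l | tr -d ' '
}

# audit_system SOURCES ROOT
# Human-readable report for a live box. Returns 1 if the security archive is
# missing from SOURCES so the script can be used from cron with mail-on-failure.
audit_system() {
    sources="$1"
    root="$2"
    rc=0
    if has_security_source "$sources"; then
        echo "OK: $sources references security.debian.org"
    else
        echo "WARNING: $sources does not reference security.debian.org"
        rc=1
    fi
    echo "setuid/setgid files under $root: $(count_suid "$root")"
    list_suid "$root"
    return $rc
}

# Only touch the live system when explicitly asked, e.g. ./audit.sh --audit
# (the hypothetical script name). With no arguments the functions are merely
# defined, which is what the test below relies on.
if [ "${1:-}" = "--audit" ]; then
    audit_system /etc/apt/sources.list /
fi
```

Run as `sh audit.sh --audit` (as root, so `find` can stat every file) and keep the setuid list under version control; a new entry appearing between runs is exactly the kind of change a reinstall-after-compromise is meant to rule out.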
