
Re: su - user question



martin f krafft wrote:

also sprach Adam Warner <lists@consulting.net.nz> [2002.01.21.1444 +0100]:

Martin, it's a server in my spare room :-) The only person installing a
backdoor on the server would be an unlawful intruder. Or a cat who can
type ;-) Your points are well taken and I would follow the same security
practices as you.


as sad as it sounds, unlawful intruders happen. this being a true story,
i have 11 machines in my spare room, and my house was broken in once.
the *only* thing the intruder did was reboot one of the machines (that
was his mistake) and install a backdoor via init=/bin/sh at the boot
prompt. my logs screamed (i have redundant logging), i found the
backdoor, had a honeypot on, and didn't have to wait 3 hours for the
intruder to try to log in. he didn't have to wait 3 hours for the police
to show up.

Woah, that does sound a little far-fetched. I am assuming there is a little more to this story? I would think most *physical* intruders would try to nab DVD players, valuables, and money, not wander into a spare room and whip out some UNIX skills to break into machines. Well, if I were a robber, I would certainly just take machines and not concern myself with having remote access to them. Hmm, likely most people that know about init=/bin/sh have enough money to not have to break into places.

Hmm, maybe the recession has made life so bad that script kiddies can't afford ISPs any longer, and thus need to have physical access to machines to do their IRC takeovers...

There has to be more there, like you offended someone you know and he wandered to your house or you're some sort of spy that knows people that do that stuff ;) Just a little healthy skepticism...
-A. Dave


