Re: Security problem
> At our school our system administrator (who is very good) was
> running Red Hat 5.1 and someone broke in and got root privileges.
> Since he had written a Lan watch, we think we know how it happened.
>
> The Lan Watch showed someone form Israel send a very long
> packet to mountd. Shortly after, two names were added to
> the password file with user id 0. We suspect that
> /etc was NFS mounted with write permission. Afterwards
> there were logins from the two added names and rsh was changed.
mounting anything NFS with write permission is just plain stupid.
Matthew
--
Elen sila lumenn' omentielvo
Steward of the Cambridge Tolkien Society
Selwyn College Computer Support
http://www.geocities.com/Area51/Chamber/8841/
http://www.cam.ac.uk/CambUniv/Societies/tolkien/
http://pick.sel.cam.ac.uk/
Reply to: