Re: Debian Investigation Report after Server Compromises

To: debian-user@lists.debian.org
Subject: Re: Debian Investigation Report after Server Compromises
From: Dave <dmq@gci-net.com>
Date: Wed, 03 Dec 2003 15:20:34 -0700
Message-id: <[🔎] 5.2.1.1.0.20031203151605.00b14758@mail.gain.com>

After reading the report athttp://lists.debian.org/debian-announce/debian-announce-2003/msg00003.htmland following this newsgroup discussion, I have some very basic questions:

1) What is a "sniffed password", and how do they know the attacker used apassword that was "sniffed", rather than just stolen out of someone'snotebook?

2) Was the breakin done remotely, or by someone with physical access tothe machine or network? I thought that "sniffing" required physical accessto a network over which unencrypted data was being transferred. Are theremote logins to Debian servers unencrypted?

3) How does an attacker with a user-level password gain root access? Iunderstand you can call system services that have root access, and providebad data in those calls that will cause buffer overflows, maybe even amachine crash, but how does a buffer overflow allow root access? I knowthere is a deep technical explanation for this, but I'm hoping someone canexplain it in simple terms, or maybe point me to a good article or bookchapter.


-- Dave

Reply to:

Prev by Date: Re: unchecked 31 times
Next by Date: Re: Debian Investigation Report after Server Compromises
Previous by thread: Re: Debian Investigation Report after Server Compromises
Next by thread: Re: Debian Investigation Report after Server Compromises
Index(es):
- Date
- Thread