Rootshell pages hacked
Alex P. Rudnev
alex at Relcom.EU.net
Thu Nov 5 19:00:09 UTC 1998
Btw. I know exactly where does hackers get troyaned SSHD from, and I am
sure they begin to install it more and more. We can't exclude if some day
the original SSH daemon /or, for a joke, Microsoft NT/) will be troyaned
from the very start point.
On Thu, 5 Nov 1998, Michael Freeman wrote:
> Date: Thu, 5 Nov 1998 12:30:11 +0000 (Local time zone must be set--see zic manual page)
> From: Michael Freeman <mikef at boris.talentsoft.com>
> To: "Alex P. Rudnev" <alex at relcom.EU.net>
> Cc: dhiraj murthy <soa at funkytekno.exodus.net>,
> "Adam D. McKenna" <adam at flounder.net>, Joe Shaw <jshaw at insync.net>,
> JR Mayberry <rick at magpage.com>, neil <neil at junior.uwc.ac.za>,
> Russ Haynal <russ at navigators.com>, nanog at merit.edu
> Subject: Re: Rootshell pages hacked
>
> Me three. If they don't turn up I think I am going to make the
> modifications myself. I am using an old s/key implmentation though, from
> thumper.bellcore.net I believe, anyone know of any others? Thanks.
>
> On Thu, 5 Nov 1998, Alex P. Rudnev wrote:
>
> > Btw, it's of great interest for me too.
> >
> >
> > On Thu, 5 Nov 1998, dhiraj murthy wrote:
> >
> > > Date: Thu, 5 Nov 1998 11:49:19 -0500 (EST)
> > > From: dhiraj murthy <soa at funkytekno.exodus.net>
> > > To: "Alex P. Rudnev" <alex at Relcom.EU.net>
> > > Cc: Michael Freeman <mikef at boris.talentsoft.com>,
> > > "Adam D. McKenna" <adam at flounder.net>, Joe Shaw <jshaw at insync.net>,
> > > JR Mayberry <rick at magpage.com>, neil <neil at junior.uwc.ac.za>,
> > > Russ Haynal <russ at navigators.com>, nanog at merit.edu
> > > Subject: Re: Rootshell pages hacked
> > >
> > > I am trying to get ssh working with skey. anyone know where to get patches
> > > to force 1.2.6 to do this?
> > >
> > > thanks,
> > >
> > > -dhiraj
> > >
> > > On Mon, 2 Nov 1998, Alex P. Rudnev wrote:
> > >
> > > > SSh withouth S/KEy or some kind of one time password is useless in case
> > > > of any compromyse passwords (except the case when you'd like to restrict
> > > > acxcess to the trusted set of hosts). SSH itself do not believe to be a
> > > > problem, UNIX one-time passwords are real problem. Another bad problem is
> > > > _the same UNIX password for all purposes_ - I can sniff your FTP password
> > > > and use it for SSH access (for example).
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > On Sat, 31 Oct 1998, Michael Freeman wrote:
> > > >
> > > > > Date: Sat, 31 Oct 1998 14:45:51 +0000 (Local time zone must be set--see zic manual page)
> > > > > From: Michael Freeman <mikef at boris.talentsoft.com>
> > > > > To: "Adam D. McKenna" <adam at flounder.net>
> > > > > Cc: Joe Shaw <jshaw at insync.net>, JR Mayberry <rick at magpage.com>,
> > > > > neil <neil at junior.uwc.ac.za>, Russ Haynal <russ at navigators.com>,
> > > > > nanog at merit.edu
> > > > > Subject: Re: Rootshell pages hacked
> > > > >
> > > > > It is not a fucking problem in SSH! Jesus christ, people do not listen.
> > > > > If it had anything to do with ssh, heres what happened. (speculation) A
> > > > > trusted host was compromised that Kit Knox or another rootshell staff
> > > > > member used, ssh was trojaned and passwords were snagged, and the intruder
> > > > > simply walked right in through the front door. Nothing sophisticated,
> > > > > nothing fancy, no ssh remote exploits.
> > > > >
> > > > > On Thu, 29 Oct 1998, Adam D. McKenna wrote:
> > > > >
> > > > > > They claim they were running only qmail, apache and ssh, but who knows if
> > > > > > that's true.
> > > > > >
> > > > > > I have heard rumours about an ssh exploit but nothing concrete.
> > > > > >
> > > > > > --Adam
> > > > > >
> > > > > > -----Original Message-----
> > > > > > From: Joe Shaw <jshaw at insync.net>
> > > > > > To: JR Mayberry <rick at magpage.com>
> > > > > > Cc: neil <neil at junior.uwc.ac.za>; Russ Haynal <russ at navigators.com>;
> > > > > > nanog at merit.edu <nanog at merit.edu>
> > > > > > Date: Thursday, October 29, 1998 2:36 PM
> > > > > > Subject: Re: Rootshell pages hacked
> > > > > >
> > > > > >
> > > > > > I thought they were runnign qmail?
> > > > > >
> > > > > > Joe
> > > > > >
> > > > > > On Thu, 29 Oct 1998, JR Mayberry wrote:
> > > > > >
> > > > > > > Supposedly sendmail 8.9.1 is to blame, not ssh.
> > > > > > > http://www.sendmail.com/sendmail.8.9.1a.html
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > > Aleksei Roudnev, Network Operations Center, Relcom, Moscow
> > > > (+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 239-10-10, N 13729 (pager)
> > > > (+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)
> > > >
> > >
> > >
> >
> > Aleksei Roudnev, Network Operations Center, Relcom, Moscow
> > (+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 239-10-10, N 13729 (pager)
> > (+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)
> >
>
>
Aleksei Roudnev, Network Operations Center, Relcom, Moscow
(+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 239-10-10, N 13729 (pager)
(+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)
More information about the NANOG
mailing list