Btw, it's of great interest for me too.
On Thu, 5 Nov 1998, dhiraj murthy wrote:
Date: Thu, 5 Nov 1998 11:49:19 -0500 (EST)
From: dhiraj murthy <soa@funkytekno.exodus.net>
To: "Alex P. Rudnev" <alex@Relcom.EU.net>
Cc: Michael Freeman <mikef@boris.talentsoft.com>, "Adam D. McKenna" <adam@flounder.net>, Joe Shaw <jshaw@insync.net>, JR Mayberry <rick@magpage.com>, neil <neil@junior.uwc.ac.za>, Russ Haynal <russ@navigators.com>, nanog@merit.edu
Subject: Re: Rootshell pages hacked
I am trying to get ssh working with skey. Anyone know where to get patches to force 1.2.6 to do this?
thanks,
-dhiraj
On Mon, 2 Nov 1998, Alex P. Rudnev wrote:
SSH without S/Key or some kind of one-time password is useless in case of any compromised passwords (except the case when you'd like to restrict access to the trusted set of hosts). SSH itself is not believed to be a problem; UNIX one-time passwords are the real problem. Another bad problem is _the same UNIX password for all purposes_ - I can sniff your FTP password and use it for SSH access (for example).
On Sat, 31 Oct 1998, Michael Freeman wrote:
Date: Sat, 31 Oct 1998 14:45:51 +0000 (Local time zone must be set--see zic manual page)
From: Michael Freeman <mikef@boris.talentsoft.com>
To: "Adam D. McKenna" <adam@flounder.net>
Cc: Joe Shaw <jshaw@insync.net>, JR Mayberry <rick@magpage.com>, neil <neil@junior.uwc.ac.za>, Russ Haynal <russ@navigators.com>, nanog@merit.edu
Subject: Re: Rootshell pages hacked
It is not a fucking problem in SSH! Jesus Christ, people do not listen. If it had anything to do with ssh, here's what happened. (speculation) A trusted host was compromised that Kit Knox or another rootshell staff member used, ssh was trojaned and passwords were snagged, and the intruder simply walked right in through the front door. Nothing sophisticated, nothing fancy, no ssh remote exploits.
On Thu, 29 Oct 1998, Adam D. McKenna wrote:
They claim they were running only qmail, apache and ssh, but who knows if that's true.
I have heard rumours about an ssh exploit but nothing concrete.
--Adam
-----Original Message-----
From: Joe Shaw <jshaw@insync.net>
To: JR Mayberry <rick@magpage.com>
Cc: neil <neil@junior.uwc.ac.za>; Russ Haynal <russ@navigators.com>; nanog@merit.edu <nanog@merit.edu>
Date: Thursday, October 29, 1998 2:36 PM
Subject: Re: Rootshell pages hacked
I thought they were running qmail?
Joe
On Thu, 29 Oct 1998, JR Mayberry wrote:
Supposedly sendmail 8.9.1 is to blame, not ssh. http://www.sendmail.com/sendmail.8.9.1a.html
Aleksei Roudnev, Network Operations Center, Relcom, Moscow (+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 239-10-10, N 13729 (pager) (+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)
Me three. If they don't turn up I think I am going to make the modifications myself. I am using an old s/key implementation though, from thumper.bellcore.net I believe, anyone know of any others? Thanks.
On Thu, 5 Nov 1998, Alex P. Rudnev wrote:
Btw, it's of great interest for me too.
At 12:30 +0000 05 November 1998, Michael Freeman <mikef> wrote:
Me three. If they don't turn up I think I am going to make the modifications myself. I am using an old s/key implementation though, from thumper.bellcore.net I believe, anyone know of any others? Thanks.
On Thu, 5 Nov 1998, Alex P. Rudnev wrote:
Btw, it's of great interest for me too.
On Thu, 5 Nov 1998, dhiraj murthy wrote:
I am trying to get ssh working with skey. Anyone know where to get patches to force 1.2.6 to do this?
There's a patch for 1.2.23 at: http://www.monkey.org/~dugsong/ssh-skey.patch
Haven't tried it, dunno if it will even patch any newer version.
-- John Hensley <hensley@merit.edu> Merit Network, Inc.
Btw, I know exactly where hackers get trojaned SSHD from, and I am sure they begin to install it more and more. We can't exclude that some day the original SSH daemon (or, for a joke, Microsoft NT) will be trojaned from the very start.
On Thu, 5 Nov 1998, Michael Freeman wrote:
Date: Thu, 5 Nov 1998 12:30:11 +0000 (Local time zone must be set--see zic manual page)
From: Michael Freeman <mikef@boris.talentsoft.com>
To: "Alex P. Rudnev" <alex@relcom.EU.net>
Cc: dhiraj murthy <soa@funkytekno.exodus.net>, "Adam D. McKenna" <adam@flounder.net>, Joe Shaw <jshaw@insync.net>, JR Mayberry <rick@magpage.com>, neil <neil@junior.uwc.ac.za>, Russ Haynal <russ@navigators.com>, nanog@merit.edu
Subject: Re: Rootshell pages hacked
Me three. If they don't turn up I think I am going to make the modifications myself. I am using an old s/key implementation though, from thumper.bellcore.net I believe, anyone know of any others? Thanks.
Aleksei Roudnev, Network Operations Center, Relcom, Moscow (+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 239-10-10, N 13729 (pager) (+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)
On Thu, 5 Nov 1998, Michael Freeman wrote:
modifications myself. I am using an old s/key implementation though, from thumper.bellcore.net I believe, anyone know of any others? Thanks.
OPIE and Dr. W.Z. Venema's logdaemon come to mind... The former is best in Linux; the latter is best in everything else. 8-)
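The replay problem raised in this thread (a reusable password sniffed from FTP, or captured by a trojaned ssh, being used again to log in) is what hash-chain one-time passwords address. The sketch below is an added example, not code from any poster or from S/Key, OPIE or logdaemon: it is a simplified Lamport chain using SHA-256 with constructed sample values and hypothetical names (`chain`, `OtpServer`), and it is not wire-compatible with real S/Key.

```python
import hashlib
import hmac


def chain(secret: bytes, seed: bytes, n: int) -> bytes:
    """Hash seed||secret once, then apply the hash n more times (Lamport chain)."""
    value = hashlib.sha256(seed + secret).digest()
    for _ in range(n):
        value = hashlib.sha256(value).digest()
    return value


class OtpServer:
    """Hypothetical verifier: stores only the last accepted chain value, never the secret."""

    def __init__(self, seed: bytes, count: int, top: bytes):
        self.seed = seed
        self.count = count   # index of the chain value currently stored
        self.stored = top    # chain(secret, seed, count), set at enrolment

    def challenge(self):
        # The client must answer with chain value number count - 1.
        return self.seed, self.count - 1

    def verify(self, response: bytes) -> bool:
        if self.count <= 0:
            return False     # chain exhausted, the user must re-enrol
        ok = hmac.compare_digest(hashlib.sha256(response).digest(), self.stored)
        if ok:
            # The accepted value becomes the new reference, so it cannot be reused.
            self.stored = response
            self.count -= 1
        return ok


def demo():
    secret, seed = b"constructed pass phrase", b"ke1234"  # constructed sample values
    server = OtpServer(seed, 100, chain(secret, seed, 100))

    s, n = server.challenge()
    otp = chain(secret, s, n)      # the only value a sniffer or trojaned login sees
    first = server.verify(otp)     # legitimate login succeeds
    replay = server.verify(otp)    # replaying the captured value is rejected
    s, n = server.challenge()
    second = server.verify(chain(secret, s, n))  # next legitimate login succeeds
    return first, replay, second, server.count


if __name__ == "__main__":
    print(demo())
```

The captured value is useless for a later login because producing the next response would require inverting the hash; the scheme protects only as long as the secret itself is never typed into an untrusted host.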
participants (4): Adam Rothschild, Alex P. Rudnev, John Hensley, Michael Freeman