[TAG] (forw) Re: (forw) Re: lpr works for user not root in Basiclinux 2.1

Neil Youngman ny at youngman.org.uk
Sat Jan 27 23:53:57 MSK 2007


On or around Saturday 27 January 2007 15:16, Sindi Keesan reorganised a bunch 
of electrons to form the message:
> Okay.  A friend said they could sniff my packets for my login and
> password.  But how would they put any files onto my machine?  I am not
> running lpd, telnetd, ftpd or even httpd.  Can they transfer files when I
> simply run pppd and ssh or lynx?

If your ssh package provides scp or sftp, then yes, if they've cracked your 
machine they would be able to copy stuff onto it.

> > How would they attack without you noticing? Well, how would you notice?
> > Are you even looking?
> >
> > Do you monitor the logs? Do you run chkrootkit regularly? Do you monitor
> > portscans?
>
> /var/log/ shows which packages were installed, not portscan info.
> We do not have chkrootkit.

It sounds like you wouldn't notice.

> I found a Wiki-type entry about portscan, a series of probes sent to one
> or more ports of a target system looking for information.  Most linux
> distributions don't include the tools to monitor them.  (Not just ours).
>
> We have an nmap add-on for scanning hosts on the network and determining
> which services they are running.  Downloaded it.  No documentation.
> 101 pages of man page online.  I don't understand much of it.
>
> nmap -A -T4 127.0.0.1  (localhost)
> All 1663 scanned ports are closed.

I'm no expert either, but I would say that's encouraging.

Neil



