SECURITY WARNING ! sshd vulnerable in knoppix 3.2



jonatan
06-19-2003, 11:56 AM
Hi!

I have had 3 boxes with KNOPPIX 3.2 04.28 (I think) hacked!

the hacker came in through the sshd (3.2.1-p1) which was bundled with KNOPPIX!

downgrade your sshd guys ! :)


k

pau1knopp
06-19-2003, 02:35 PM
With the facts you have presented here, IMHO you should have stated this as more of a question than as a definitive known vulnerability. There are a lot of unanswered questions.

Have you researched the particular version of SSH for any known vulnerabilities? If there are none, can you provide more details? Is there NO way that the hacker could have not obtained your password through social engineering, etc.? What do your logs show on your box? Is there any third party support for your recommendation?

keep knopping,

~paul

Dave_Bechtel
06-19-2003, 03:57 PM
--First of all, you are using an old rev ( 4-28 ). This is the reason I switched all my Linux boxen over to Knoppix/Debian: apt-get upgrade.

' dpkg -l|grep ssh '
ssh 3.6.1p2-2

--I would recommend you UPgrade your box, not DOWNgrade it. My server has been running Knoppix with on-demand DSL since May (2003-05-03 release) and I haven't been hacked.

--Check your box with ' nmap localhost ' and stop all services that you don't absolutely need. Here's a script to help:

#!/bin/sh
# BEGIN stopsvcs (don't forget to chmod +x it)
# Stop network services that are not needed
/etc/init.d/proftpd stop
/etc/init.d/inetd stop
/etc/init.d/portmap stop
/etc/init.d/nfs-kernel-server stop
/etc/init.d/nfs-common stop
killall smail

# Review what is still running and which ports are still open
ps ax
nmap localhost

#================

--I recommend you DL the latest rev (2003-06-06 as of this writing) and reinstall from scratch. Then run the above script. Here's another helpful script:

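#!/bin/sh
# BEGIN updt
# Refresh the package lists, then upgrade (-u shows what will be upgraded)
apt-get update
apt-get -u upgrade
#debsort
# Keep the previous package listing, then save the current one
mv -f -v ~/DEBInstalled.list ~/DEBInstalled.list.prev ; \
dpkg -l >~/DEBInstalled.list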

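Added example, not part of any post in this thread: the updt script above keeps the previous `dpkg -l` listing as ~/DEBInstalled.list.prev, so the two files can be compared to confirm which packages (ssh in particular) an upgrade actually changed. The function names and the sample listings are assumptions made for the example; the ssh version strings are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): compare two saved `dpkg -l` listings.

# pkg_changes PREV CUR
# Prints one line per package that was added, removed or changed version.
# Only rows with status "ii" (installed) count; dpkg's header rows and
# "rc" rows (removed, config files left behind) are skipped.
pkg_changes() {
    awk '
        $1 != "ii"          { next }
        FILENAME == ARGV[1] { prev[$2] = $3; next }
                            { cur[$2] = $3 }
        END {
            for (p in cur) {
                if (!(p in prev))           print "ADDED", p, cur[p]
                else if (prev[p] != cur[p]) print "CHANGED", p, prev[p], "->", cur[p]
            }
            for (p in prev) if (!(p in cur)) print "REMOVED", p, prev[p]
        }' "$1" "$2" | LC_ALL=C sort
}

# Write two constructed sample listings into directory $1. The ssh version
# strings are the ones quoted in the thread; every other row is made up.
write_samples() {
    cat > "$1/DEBInstalled.list.prev" <<'EOF'
||/ Name         Version      Description
+++-============-============-===================
ii  ssh          3.2.1-p1     constructed sample row
ii  proftpd      1.0-1        constructed sample row
ii  nmap         1.0-1        constructed sample row
EOF
    cat > "$1/DEBInstalled.list" <<'EOF'
||/ Name         Version      Description
+++-============-============-===================
ii  ssh          3.6.1p2-2    constructed sample row
rc  proftpd      1.0-1        constructed sample row
ii  nmap         1.0-1        constructed sample row
ii  example-pkg  1.0-1        constructed sample row
EOF
}

# Demo run on the sample data; on a real box pass the two files from ~ instead.
demo_dir=$(mktemp -d) || exit 1
write_samples "$demo_dir"
pkg_changes "$demo_dir/DEBInstalled.list.prev" "$demo_dir/DEBInstalled.list"
rm -rf "$demo_dir"
```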