-
SECURITY WARNING ! sshd vulnerable in knoppix 3.2
Hi!
i havd had 3 boxes with KNOPPIX 3.2 04.28 (i think) hacked !
the hacker came in through the sshd (3.2.1-p1) which was bundled with KNOPPIX!
downgrade your sshd guys !
k[/b][/i]
-
Senior Member
registered user
With the facts you have presented here, IMHO you should have stated this as more of a question than as a definative known vulnerability. There are a lot of unanswered questions.
Have you researched the particular version of SSH for any known vulnerabilities? If there are none, can you provide more details? Is there NO way that the hacker could have not obtained your password through social engineering, etc. What do your logs show on your box? Is there any third party support for your recommendation?
keep knopping,
~paul
-
Senior Member
registered user
Re: SECURITY WARNING ! sshd vulnerable in knoppix 3.2
--First of all, you are using an old rev ( 4-28 ). This is the reason I switched all my Linux boxen over to Knoppix/Debian: apt-get upgrade.
' dpkg -l|grep ssh '
ssh 3.6.1p2-2
--I would recommend you UPgrade your box, not DOWNgrade it. My server has been running Knoppix with on-demand DSL since May (2003-05-03 release) and I haven't been hacked.
--Check your box with ' nmap localhost ' and stop all services that you don't absolutely need. Here's a script to help:
# BEGIN stopsvcs (don't forget to chmod +x it)
#!/bin/sh
/etc/init.d/proftpd stop
/etc/init.d/inetd stop
/etc/init.d/portmap stop
/etc/init.d/nfs-kernel-server stop
/etc/init.d/nfs-common stop
killall smail
ps ax
nmap localhost
#================
--I recommend you DL the latest rev (2003-06-06 as of this writing) and reinstall from scratch. Then run the above script. Here's another helpful script:
# BEGIN updt
Code:
#!/bin/sh
apt-get update
apt-get -u upgrade
#debsort
mv -f -v ~/DEBInstalled.list ~/DEBInstalled.list.prev ; \
dpkg -l >~/DEBInstalled.list
Originally Posted by
jonatan
Hi!
i havd had 3 boxes with
KNOPPIX 3.2 04.28 (i think) hacked !
the hacker came in through the
sshd (3.2.1-p1) which was bundled with KNOPPIX!
downgrade your sshd guys !
k[/b][/i]
Similar Threads
-
By mike208 in forum General Support
Replies: 3
Last Post: 08-11-2004, 12:19 AM
-
By birkett in forum Hardware & Booting
Replies: 18
Last Post: 01-05-2004, 04:15 PM
-
By A. Jorge Garcia in forum General Support
Replies: 13
Last Post: 11-02-2003, 09:42 PM
-
By ryanjulian in forum Customising & Remastering
Replies: 3
Last Post: 09-20-2003, 08:06 AM
-
By ml1979 in forum Networking
Replies: 5
Last Post: 09-02-2003, 05:35 AM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
Brand New Cisco GLC-LH-SMD 1000BASE-LX/LH SFP Module 1310nm 10km SMF LC
$10.99
New Precision DWDM SFP+ 10G 80km Tunable Transceiver 50GHz C-Temp DWDM-SFP10G-C
$90.00
CISCO SFP-10G-LR Transceiver Single Mode 10-2457-02 10GBase-LR 1310nm Module
$17.08
Lot (10) Dell 0N8TDR 850nm SFP-10G-SR-85C 10Gbs sfp+ FTLX8574D3BNL-FC N8TDR NEW
$68.00
ProLabs 10GBase-TX SFP+ RJ-45 Copper Transceiver Module P/N: SFP-10GBASE-T-C NEW
$34.99
Genuine Cisco SFP-10G-SR Transceiver Module (10-2415-03)
$5.85
Genuine Cisco SFP-10G-SR V03 10GBASE-SR SFP+ Transceiver Module 10-2415-03
$8.00
Cisco SFP-H10GB-CU1M 10Gb SFP Cable 1 Meter@KH
$10.00
New Sealed Cisco GLC-LH-SMD 1000BASE-LX/LH SFP Transceiver Module *US Shipping*
$9.50
Original CISCO SFP-10G-SR V03 10-2415-03 850nm 10GBASE-SR SFP+ Multi mode Module
$6.80