Re: How could this account have been cracked?
- From: "robb@xxxxxxx" <robb@xxxxxxx>
- Date: 25 Sep 2006 12:41:41 -0700
Thanks for the replies -
Ian Kilgore wrote:
> Can you clarify on the meaning of 'console'? Do you mean you logged in
> to the compromised machine remotely from a box in your office, or do you
> mean that you logged into the compromised machine via /its/ console (i.e.
> not remotely)?
Yes - from the Machine's console.
I never connected remotely to the box as that user.
> process, etc.
> Arguably, that sounds like there was no 'person' involved, just an ssh
> bot.
Interesting.
I realized that my security scheme had lagged behind my lifestyle: I
only now ever connect remotely from one location, and so I now deny all
ssh connections by default and allow just the one.
Does anyone know - is there a rootkit that can circumvent hosts.deny
as I described above?