Re: List /home directory without logging in?
From: Bit Twister (BitTwister_at_localhost.localdomain)
Date: 07/05/04
- Next message: Steve Kemp: "Re: List /home directory without logging in?"
- Previous message: Alan Baker: "List /home directory without logging in?"
- In reply to: Alan Baker: "List /home directory without logging in?"
- Next in thread: Steve Kemp: "Re: List /home directory without logging in?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 05 Jul 2004 06:37:06 GMT
On 4 Jul 2004 23:19:28 -0700, Alan Baker wrote:
> Someone recently tried to log into all the userids on my Linux box.
> First they connected several times via http, telnet, ftp, pop3, and
> imap but were unsuccessful in logging in. Then they tried every
> userid twice in alphabetical order via SSH. Also unsuccessfully.
> (Use those strong passwords, friends!)
Sounds like /home was visable. Does indicates something has a hole.
If you had your firewall on and blocked inbound conections, they
should not have gotten to the inforamtion.
Since you indicated they connected several times to several services
that would tell me you have no firewall. That would be a basic vuln
you are missing. Can we assume you have been to your vendor's site and
have kept up to date with all fixes/updates.
- Next message: Steve Kemp: "Re: List /home directory without logging in?"
- Previous message: Alan Baker: "List /home directory without logging in?"
- In reply to: Alan Baker: "List /home directory without logging in?"
- Next in thread: Steve Kemp: "Re: List /home directory without logging in?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
