Dan,
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Dan Horth
> Sent: Monday, September 18, 2000 5:19 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Help ! This is a exploit ? What I do to do .
>
>
> seems like a brute force attack on your ftp server - indications are
> that the attack was successfully averted... but you really should do
> plenty of other checks before deciding that your server is secure...
> try this checklist:
>
> http://www.cert.org/tech_tips/intruder_detection_checklist.html
>
> it's interesting that they're trying specific user names towards the
> end rather than just generic accounts such as root and bin and lp...
> they got those names from your /etc/passwd file which is being
> publicly advertised right now (I had a look just then) on your ftp
> server... if you had shell access enabled for any of your users in
> that list, with weak passwords on them then the attacker would have
> been able to get local user access pretty easily on your server...
> https://listman.redhat.com/mailman/listinfo/redhat-list
Couldn't he just chmod /etc/passwd to 600? Thus disallowing viewing of this
file. What are the problems that may arise from this change?
Scott
[EMAIL PROTECTED]
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
