[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: LYNX-DEV System Compromised via Lynx
|
From: |
Alan Cox |
|
Subject: |
Re: LYNX-DEV System Compromised via Lynx |
|
Date: |
Mon, 21 Apr 1997 08:52:54 +0100 (BST) |
> a password file on which cracking had been attempted. Earlier this year
> I was contacted by a sys admin at Princeton University who said that
> several machines at Princeton had been compromised by a user on this
> same machine.
Thats bad news
> Students obtain access to lynx via a menu item on the telnet gateway.
> When they select lynx, the telnet gateway telnets to the lynx client
> host and logs in (login: l-client). The telnet gateway does all
> the telnet and login processing and the user receives a "homepage"
> via lynx.
Problem: You are assuming the original breakin several months ago didnt
involve compromise of system tools like login, the C library or other
places that could allow people to get out. If a machine has been hit
you _have_ to assume its "contaminated".
What OS, What Lynx and do you have any hints in scripts/log files
as to what may have been done ?
If you've not already done so, please notify cert especially if you
can tell from any logs which boxes the password files may have come
from
Alan
;
; To UNSUBSCRIBE: Send a mail message to address@hidden
; with "unsubscribe lynx-dev" (without the
; quotation marks) on a line by itself.
;