On 2002-02-06 14:05, Artem 'Zazoobr' Ignatjev wrote:
> > From owner-freebsd-securityFreeBSD.ORG Tue Feb 5 22:59:39 2002
> > Date: Tue, 05 Feb 2002 12:54:41 -0700
> > To: Victor Grey <victorcustomdynamic.net>, <freebsd-securityFreeBSD.ORG>
> > From: Brett Glass <brettlariat.org>
> > Subject: Re: Is this evidence of a break-in attempt?
> >
> > In a word, yes. Looks like they went to the box with a
> > keyboard and a mouse, rebooted, and tried to log in.
> > Clearly, they were so clueless that they did not know
> > about single-user mode.
> >
> Well, if console is marked as `insecure' (which is MY default policy)
> single mode couldn't help them too much.
> But there is a way to get contents of any file in root filesystem from
> loader(8), so they could get root hash.

You're assuming the attacker (yes, it was a naive attack of some form)
knows a lot of stuff. He didn't know about single-user mode[1]. He didn't
have enough clue to come with fixit and just power-cycle the box. Is that
the person you're expecting to have the knowledge it takes to use loader
for password stealing+cracking? :P

        "loader? What do you mean? What the heck is that? I just plugged
        in my brand new PS/2 mouse, and a keyboard and rebooted. The
        fscking thing didn't even get to the point where Windows displays
        'Press CTRL+ALT+DEL to log in.' so I pressed CTRL+ALT+DEL a few
        times. Can you guess? Yes, this FreeBSD thing is so obviously
        retarted it does NOTHING when you press CTRL+ALT+DEL! I had to
        power-cycle it again to remove my keyboard and mouse!"

-- 
Giorgos Keramidas . . . . . . . . . keramida{ceid.upatras.gr,freebsd.org}
FreeBSD Documentation Project . . . http://www.freebsd.org/docproj/
FreeBSD: The power to serve . . . . http://www.freebsd.org/
To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]