brute force ssh attack

Matthew Miller mattdm at mattdm.org
Thu Apr 28 13:40:17 UTC 2005


On Thu, Apr 28, 2005 at 09:11:18AM -0400, William Hooper wrote:
> So it's on the same threat level as a bash script that does "rm -f /*". 

Oh come on. It's somewhat worse than that, since its effects aren't
immediately obvious. If the original poster had done that, he would have
realized immediately that Something Bad had happened. In this thread though,
it was actually a virus scanner that told us -- the original poster realized
something was wrong because the virus happens to have some flaws (maybe
exec-shield is offering protection here) and caused some infected programs
to fail, but didn't know what.

This particular virus is basically a proof-of-concept -- it's not a stretch
of the imagination at all to see that there could easily be ones which are
more clever at hiding themselves. And I guarantee that as Linux becomes more
popular, there *will* be more, *even* without a better means to spread than
running in userspace and hoping for a shot at root access.

> If you can get someone to run an executable as root, then you can do just
> about anything you want.  The only exception would be if they did a good
> job with SELinux, but if they did a good job with SELinux they wouldn't be
> running unknown executables as root.

As Linux becomes more popular, there will be more and more 'inexperienced
sysadmins' -- that is, people who heard that Linux was better than Windows
and just want it to go on their system. Unless we start teaching good
sysadmin practices in grade school (which I'm all for, honestly), this issue
is going to become more and more of a problem. Education is part of the
solution, and technical measures like SELinux and better end-user-targeted
config tools definitely are too. But saying that this is just PBCAK and
dismissing it as not a real threat is just burying our heads in the sand.


-- 
Matthew Miller           mattdm at mattdm.org        <http://www.mattdm.org/>
Boston University Linux      ------>                <http://linux.bu.edu/>
Current office temperature: 75 degrees Fahrenheit.



