[Dshield] SuSe Backdoors?

Stephane Grobety security at admin.fulgan.com
Tue Mar 2 08:29:53 GMT 2004


While I do agree that SUSE probably doesn't have a backdoor, the fact
that you "run ethereal on a regular basis" is no indication that no
backdoor is present. It only tells you that, if a backdoor is present,
then it's either not being used when you run your sniffer or you
haven't identified the traffic as harmful or it is stealthy enough so
you can't pick it up from the host itself.

That being said, it's pretty unlikely that such a backdoor exists:

1/ It's not needed.
2/ Even if for some obscure reason it was implemented anyway, it would
show on your port scan: a development backdoor isn't written to
be stealthy.
3/ It would have been picked up a long time ago.

That being said, if you're worried about such problems then your only
available solution is to pick up a source code distro as Johannes
advised and to perform an extensive source code audit.

Good luck,
Stephane




SV> Dear WB,
SV> I've been running Suse, 8.0, 8.2, for about 2 years, run ethereal on a regular
SV> basis and read the logs daily, before that was Slackware 7.2.
SV> I have NEVER seen any traffic that was suspicious except inbound.
SV> I think what you are hearing is typical FUD.
SV> just my .02
SV> Steve

SV> At 06:48 PM 3/1/04, you wrote:
>>A branch of my organization is evaluating using Novell's version of SuSe.
>>I've heard rumors that SuSe has built-in backdoors, put there by the
>>original developers, to allow access during the development process, and
>>they still exist.  Does anyone have any more info on this?




