[Dshield] SuSe Backdoors?

Steven VanDeBogart steve at bob.reno.nv.us
Tue Mar 2 15:06:04 GMT 2004


the point is that if my box had been rooted ,i would see traffic outbound.I 
'm not going to know which way traffic is going without a sniffer of some 
sort.Ports are shut down to a minimum number,enough for MTA,HTTPd,and Samba 
on the inside.the firewall logs are to show me who's beating on the door 
and the access log shows what is getting pushed out to whom,but any other 
traffic isn't shown by any other method I know.Please give me an alterant.

At 12:29 AM 3/2/04, you wrote:
>While I do agree that SUSE probably doesn't have a backdoor, the fact
>that you "run ethereal on a regular basis" is no indication that no
>backdoor is present. It only tells you that, if a backdoor is present,
>then it's either not being used when you run your sniffer or you
>haven't identified the traffic as harmful or it is stealthy enough so
>you can't pick it up from the host itself.
>
>That being said, it's pretty unlikely that such backdoor exists:
>
>1/ It's not needed.
>2/ Even if for some obscure reason it was implemented anyway it would
>show on your port scan: a developpment backdoor isn's written to
>be stealth.
>3/ It would have been picked up a long time ago.
>
>That being said, if you're worried about such problems then your only
>available solution is to pickup a source code distro as Johannes
>advised and to perform an extensive source code audit.
>
>Good luck,
>Stephane
>
>
>
>
>SV> Dear WB,
>SV> I've been running Suse,8.0,8.2,for about 2 years, run ethereal on a 
>regular
>SV> basis and read the logs daily,before that was Slackware 7.2.
>SV> I have NEVER seen a any traffic that was suspicious except inbound.
>SV> I think what you are hearing is typical FUD.
>SV> just my .02
>SV> Steve
>
>SV> At 06:48 PM 3/1/04, you wrote:
> >>A branch of my organization is evaluating using Novell's version of SuSe.
> >>I've heard rumors that SuSe has built-in backdoors, put there by the
> >>original developers, to allow access during the development process, and
> >>they still exist.  Does anyone have any more info on this?
>
>
>_______________________________________________
>list mailing list
>list at dshield.org
>To change your subscription options (or unsubscribe), see: 
>http://www.dshield.org/mailman/listinfo/list





More information about the list mailing list