[Dshield] SuSe Backdoors?

Tony Earnshaw tonye at billy.demon.nl
Tue Mar 2 17:55:19 GMT 2004


On Tue, 02.03.2004 at 16:06, Steven VanDeBogart wrote:

> the point is that if my box had been rooted, I would see traffic outbound.

If your "box" (presuming *nix) had been rooted, you wouldn't
necessarily see anything, until you were blown up, after you'd been
robbed of everything you have.

We aren't talking about the 1,000-to-one ignoramus exploits everyone is
seeing nowadays. We're talking about professional crackers who know
their job through and through. Today's kiddie and mafia (small "m")
mass-crackers rely on the weakness of a particular, closed-source OS.
And it's no secret that just about all of today's attacks depend upon
well-aimed social engineering aimed at ignorami, rather than technical
prowess.

Please, someone, begin reporting on mass Unix or Linux exploits (other
than the famed Apache open proxy stuff, which is again due to system
administration by rampant ignorami).

There /is/ no SuSE backdoor, wake up. Other than there's any RedHat,
BSD, UnixWare, Solaris or Tru64 backdoor. But root exploits on any *nix
system certainly do exist and /are/ practiced and /do/ work. But one
rarely discovers them by watching for "traffic outbound".

--Tonni

-- 

mail: billy - at - billy.demon.nl
http://www.billy.demon.nl



