
24th November 2008, 03:25 AM
Registered User
Join Date: Jul 2008
Location: London
Posts: 77

Linux hack
My friend demonstrated Linux loopholes (which he never told me).
He just asked for my IP address, I gave it.
Check what happened next:
http://i38.tinypic.com/2r5uy3d.jpg
ps aux displayed no other processes than the ones going in my logic...
He mentioned something related to sshd, now what is that, I dunno!
Check the upload speed.... I never got download speed this much!
__________________
Keval Domadia
Suspense behind each distro is:
................ tell you later!
Last edited by kevaljd; 24th November 2008 at 03:34 AM.

24th November 2008, 03:28 AM
Guest
Posts: n/a

That's called advertising IMO, you should know that's not allowed on the forum.

24th November 2008, 03:32 AM
Registered User
Join Date: Jul 2008
Location: London
Posts: 77

Hey Demz..
There seems to be a misunderstanding...
I thought I would attach the file on my hosting site and then share it... but it just ain't working, seriously, got no idea... will edit it in a bit.....
EDIT:
DONE! Now you can check the link above and see it yourself
__________________
Keval Domadia
Suspense behind each distro is:
................ tell you later!
Last edited by kevaljd; 24th November 2008 at 03:36 AM.

24th November 2008, 03:36 AM
Guest
Posts: n/a

Quote:
Originally Posted by kevaljd
Hey Demz..
There seems to be a misunderstanding...
I thought I would attach the file on my hosting site and then share it... but it just ain't working, seriously, got no idea... will edit it in a bit.....

You can't attach files or pictures directly from your PC and upload to the forum.
Nothing about hacking on this forum is tolerated, so if it is, this thread will be sent straight to trash.
Last edited by Demz; 24th November 2008 at 03:41 AM.

24th November 2008, 04:31 AM
Registered User
Join Date: Jul 2008
Location: London
Posts: 77

ok cool!
no issues..
go on...
I dunno how to delete thread...

just wanted to share some things that 99% people don't know
__________________
Keval Domadia
Suspense behind each distro is:
................ tell you later!

24th November 2008, 09:07 PM
Registered User
Join Date: Apr 2006
Location: North West UK.
Age: 32
Posts: 510

That looks to me like a SYN flood attack; iptables will take care of that, just google it. You should also be asking why your SSHD is open to the internet anyway; even my web servers have SSHD locked down to just a few IP addresses.
__________________
He who asks a question is a fool for a minute; he who does not remains a fool forever.

24th November 2008, 09:46 PM
Registered User
Join Date: Oct 2008
Location: England, Lincolnshire
Posts: 1,576

I think you will find that is only insecure because of yourself, not the OS. You can EASILY block those minor tricks.
__________________
Fedora user since FC6.
Linux user since 2003.
Registered Linux ID: #456478
OS: Fedora 16 x86_64

24th November 2008, 11:52 PM
Registered User
Join Date: Jul 2008
Location: London
Posts: 77

Quote:
Originally Posted by JakeS
I think you will find that is only insecure because of yourself, not the OS. You can EASILY block those minor tricks.

In a way, I buy your point!
I confirmed with my friend. He did it through SSHD and tricked me as he got the correct GUESS of my root password. He did a replication of my hard disk to his hard disk. What amazed me is the speed at which packets were SHOOTING... I have never seen anything like this before so I captured it on the spot.
__________________
Keval Domadia
Suspense behind each distro is:
................ tell you later!

25th November 2008, 12:37 AM
Clueless in a Cuckooland
Join Date: Mar 2006
Location: Here now, elsewhere tomorrow.
Posts: 3,929

Quote:
Originally Posted by kevaljd
In a way, I buy your point!
I confirmed with my friend. He did it through SSHD and tricked me as he got the correct GUESS of my root password. He did a replication of my hard disk to his hard disk. What amazed me is the speed at which packets were SHOOTING... I have never seen anything like this before so I captured it on the spot.

A few lessons you can learn from this:
1- NEVER allow root logins on SSH
2- ALWAYS use STRONG, un-guessable root password
3- ALWAYS use key-based authentication for SSH.
4- NEVER leave any ports you don't need, open in your firewall
5- ALWAYS disable unused services
Implement 1 to 3 if you need SSH server running on your box and ask your friend to try again and see what happens.
Additionally you can run, for example, denyhosts to automatically block IP addresses after set number of failed connection attempts etc.

25th November 2008, 04:47 AM
An ape descendant
Join Date: Dec 2006
Location: Mexico City
Age: 29
Posts: 3,101

Quote:
Originally Posted by pete_1967
Few lessons you can learn from this:
1- NEVER allow root logins on SSH
2- ALWAYS use STRONG, un-guessable root password
3- ALWAYS use key-based authentication for SSH.
4- NEVER leave any ports you don't need, open in your firewall
5- ALWAYS disable unused services
Implement 1 to 3 if you need SSH server running on your box and ask your friend to try again and see what happens.
Additionally you can run, for example, denyhosts to automatically block IP addresses after set number of failed connection attempts etc.

Apparently that is Ubuntu, so it might not have been that hard (sudo).
Thanks.
Joe.
__________________
Notebook: Acer Aspire 5536-5112.
AMD Athlon X2 QL64 @ 2.1GHz, 4GB DDR2 PC2-5300, ATI Radeon HD3200 (256MB), 250GB Toshiba HDD, HL-DT-ST DVDRAM GT20N
Fedora 16 x86_64
Netbook: Acer Aspire One A150
Intel Atom N270 @ 1.6GHz, 1.5 GB DDR2 PC2-4200, Intel Graphics (8MB?), 160GB Seagate HDD
Fedora 15 i686

25th November 2008, 07:46 AM
Banned (for/from) behaving just like everybody else!
Join Date: Jul 2007
Location: Beijing, China
Posts: 1,307

+1 for denyhosts
You know, using password-based authentication for SSH is always a BAD IDEA. It only checks something you know (the password). The advantage of key-based authentication is that you have to provide something you know (the passphrase to decrypt the key) AND something you have (the key).
I recommend you read this fine article by Bruce Schneier: http://www.schneier.com/blog/archive...ng_secure.html
You'll see how easy it is to crack an average password now.
Your friend gave you a very good lesson. Personally I'm amazed to see that you had *not* been cracked like this before. (Or perhaps you have been, but you just didn't know it). In August I spent a month in my home town, where I used a local ISP's ADSL service, so I got a public IP address. On the very first day, I discovered some presumably rooted hosts trying to crack me like crazy. They tried my root and a bunch of other usernames' passwords like several thousand times in a few hours (which was in vain). In the next days I just watched my denyhosts blacklist growing and growing...
Another tip: create a group like "ssh_denied", and put everyone you don't wish to grant remote login for in the group, no matter human users or non-human ones. Put the line in your SSHD configuration file: "DenyGroups ssh_denied".
__________________
I believe in nerditarianism. I read FedoraForum for the Fedora-related posts.
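
An added example, not written by any poster in this thread: a small Python check of an sshd_config against the advice above (no root login, key-based instead of password authentication, a DenyGroups entry). The sample configs and the group name are constructed, and only the global section before any Match block is examined.

```python
import re

# Constructed sample configs (not from the thread): a setup like the one
# described in the first posts, and one that follows the posters' advice.
WEAK = "Port 22\nPermitRootLogin yes\nPasswordAuthentication yes\n"
HARDENED = """\
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
DenyGroups ssh_denied
"""
# Hardening appended below an older line: sshd keeps the first value it reads.
SHADOWED = "PermitRootLogin yes\n" + HARDENED

def parse_global(text):
    """Return {keyword: [values]} for the global section (before any Match)."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[ \t=]+", line, maxsplit=1)
        key = parts[0].lower()            # sshd keywords are case-insensitive
        if key == "match":
            break                         # conditional overrides are out of scope here
        seen.setdefault(key, []).append(parts[1].strip() if len(parts) > 1 else "")
    return seen

def audit(text):
    """List findings against the thread's advice; an empty list means pass."""
    cfg = parse_global(text)

    def first(key):                       # first occurrence wins, "" if unset
        return (cfg.get(key) or [""])[0].lower()

    findings = []
    if first("permitrootlogin") != "no":
        findings.append("PermitRootLogin is not explicitly 'no'")
    if first("passwordauthentication") != "no":
        findings.append("PasswordAuthentication is not explicitly 'no'")
    if first("pubkeyauthentication") == "no":
        findings.append("PubkeyAuthentication is disabled")
    if not any(cfg.get("denygroups", [])):
        findings.append("no DenyGroups entry")
    return findings

if __name__ == "__main__":
    for name, sample in (("weak", WEAK), ("hardened", HARDENED), ("shadowed", SHADOWED)):
        print(name, audit(sample) or "OK")
```

The shadowed sample shows why a hardening line added at the bottom of the file can have no effect when the same keyword already appears higher up.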