> At our school our system administrator (who is very good) was
> running Red Hat 5.1 and someone broke in and got root privileges.
> Since he had written a Lan watch, we think we know how it happened.
>
> The Lan Watch showed someone from Israel send a very long
> packet to mountd. Shortly after, two names were added to
> the password file with user id 0. We suspect that
> /etc was NFS mounted with write permission. Afterwards
> there were logins from the two added names and rsh was changed.
Mounting anything NFS with write permission is just plain stupid.

Matthew

--
Elen sila lumenn' omentielvo
Steward of the Cambridge Tolkien Society
Selwyn College Computer Support
http://www.geocities.com/Area51/Chamber/8841/
http://www.cam.ac.uk/CambUniv/Societies/tolkien/
http://pick.sel.cam.ac.uk/