LinuxQuestions.org
Old 10-06-2004, 01:00 AM   #1
securitycheck
LQ Newbie
 
Registered: Oct 2004
Posts: 1

Rep: Reputation: 0
unix password security


Hi everyone,
My telnet account was hacked by someone yesterday, and he entered my account and tampered with my files. I came to know about it and I changed my password. Still, within 3 hours he entered my account with my new password. Can anyone tell me how he finds it? At first he enters his telnet account and then types telnet prithvi again, and enters my account, so that if I finger him the IP will be shown as prithvi... How can I find his original ID or how can I trace him? Help me... Send your comments to mailtoprotect-at-yahoo.com... please...
But I also tried using the more secure PuTTY instead of telnet; still it was hacked.
Tell me a means to find him or trace him.
 
Old 10-06-2004, 03:02 AM   #2
christhom
Member
 
Registered: Sep 2004
Distribution: Debian sarge/sid
Posts: 41

Rep: Reputation: 15
ha! if you are *STILL* using telnet despite the bazillion warnings out there, you almost deserve to get cracked! Telnet sends your password in clear text. So all the guy has to do is see your packets go by - i.e. be in between you and the machine you're telnetting to. It's really quite simple - play with something like ethereal to see how it might be done.

The solution:
1) NEVER NEVER NEVER NEVER NEVER use telnet! I can't stress this strongly enough. It's really a very dumb thing to do!
2) Now that you know 1), use ssh instead. ssh (secure shell) will encrypt the communications so the guy can't just see your password. With a reasonably-sized key, they won't be able to crack the connection. PuTTY has the option to connect via telnet (port 23) or ssh (port 22). Always select ssh.
3) Similar to 1), never use ftp either. ftp sends your password in clear text, just like telnet, and is just as vulnerable. Use either sftp or scp or "rsync -e ssh" instead. All are replacements that use encryption.

A very simple way to track the person:
try the command "last". If they're really dumb, then the machine they're coming in from will be in the logs. If this person has any brains though, that machine will just be a relay - one step in a chain of computers you'll have to follow to find the person. It's hard work...unless the guy is sitting next to you (a friend mucking around) it's unlikely you'll get them.
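
The relay case from the first post (a login that `last` shows as coming from prithvi itself) can be narrowed down by looking for other accounts that were logged in remotely at that moment. This is an added example, not part of the original posts; the sample `last` lines, the user names and the 10.0.0.x addresses are constructed, and the year is an assumed parameter because `last` does not print it.

```python
import re
from datetime import datetime, timedelta

# Constructed sample of `last` output on the server "prithvi" (not real data;
# user names and 10.0.0.x addresses are made up for illustration).
SAMPLE = """\
victim   pts/4        prithvi          Wed Oct  6 21:14 - 21:40  (00:26)
mallory  pts/2        10.0.0.57        Wed Oct  6 21:10 - 21:45  (00:35)
carol    pts/1        10.0.0.12        Wed Oct  6 18:02 - 19:30  (01:28)
victim   pts/0        10.0.0.20        Wed Oct  6 09:00 - 09:45  (00:45)
"""

# user, tty, origin host, "Mon DD", login HH:MM, logout HH:MM
LINE = re.compile(
    r"^(\S+)\s+(\S+)\s+(\S+)\s+\w{3} (\w{3}\s+\d+) (\d\d:\d\d) - (\d\d:\d\d)")

def parse(text, year=2004):
    """Parse completed sessions; `last` omits the year, so it is a parameter.
    Lines without a logout time ("still logged in", reboots) are skipped."""
    sessions = []
    for m in filter(None, map(LINE.match, text.splitlines())):
        user, tty, host, day, t_in, t_out = m.groups()
        start = datetime.strptime(f"{year} {day} {t_in}", "%Y %b %d %H:%M")
        end = datetime.strptime(f"{year} {day} {t_out}", "%Y %b %d %H:%M")
        if end < start:                      # session ran past midnight
            end += timedelta(days=1)
        sessions.append(dict(user=user, tty=tty, host=host, start=start, end=end))
    return sessions

def relay_candidates(sessions, account, local_names):
    """For each login to `account` that originated on the server itself,
    return other users' remote sessions that were open at that moment."""
    hits = []
    for v in sessions:
        if v["user"] != account or v["host"] not in local_names:
            continue
        for s in sessions:
            if (s["user"] != account and s["host"] not in local_names
                    and s["start"] <= v["start"] <= s["end"]):
                hits.append((v["start"], s["user"], s["host"], s["tty"]))
    return hits

if __name__ == "__main__":
    local = {"prithvi", "localhost", "127.0.0.1"}
    for when, user, host, tty in relay_candidates(parse(SAMPLE), "victim", local):
        print(f"{when:%b %d %H:%M} local login to victim while {user} "
              f"was on {tty} from {host}")
```

An overlap is only a lead for the administrator to follow up, since `last` records times to the minute and the remote host may itself be a relay.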
 
Old 10-07-2004, 12:07 AM   #3
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
You should also disable telnetd, since at least one Linux distribution ships with a build of telnetd that is susceptible to buffer overflows. Head over to the Security forum here and check out the stickied post at the top on security resources. It sounds like you really need to harden your box some more.
 
  

