Re: Virus - did it infect "secure" machines


William Sommerfeld (wesommer@athena.mit.edu)
7 Nov 88 20:18:47 GMT


[FYI: it's spelled "Kerberos", not "Kerebos"]

In article <1792@sbcs.sunysb.edu> root@sbcs.sunysb.edu (root) writes:
>Does anyone know whether the sendmail virus was able to infect
>the machines protected by Kerberos?

First of all, machines aren't (directly) protected by Kerberos;
network services are. So, if you run sendmail with debug turned on,
or a fingerd without the range check, or a normal rlogind while
.rhosts files abound, you're vulnerable. So, yes, a few people who
administer systems here at Athena were a little careless, and
installed mailers with "debug" enabled, and some even left .rhosts in
places.

The virus didn't get very far at Athena, mostly thanks to "second
order effects" of Kerberos--our fileservers don't run any more daemons
than they have to, or allow remote logins to mere mortals, and most of
our operations staff have been educated about using passwords which
are in a dictionary.

>No flames, please, the question
>isn't a statement against Kerberos per se; I just wonder whether
>clever people will always find ways into "secure" Unix boxes.

If you want to have some hope of containing things while connected to
a network, be _very_ careful about the network services you run, and
don't run any more servers than you need.

                                        - Bill
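
[Added example, not part of the original post: one way to audit a host for two of the exposures the message names, network services enabled beyond what is needed and stray .rhosts files. The inetd.conf sample, the list of needed services, and the users alice and bob are constructed assumptions.]

```python
import os
import tempfile

# Constructed sample in the classic inetd.conf layout (not from the post):
# service  socket  proto  wait  user  server-program  args
SAMPLE_INETD = """\
ftp     stream  tcp  nowait  root    /etc/ftpd     ftpd
#telnet stream  tcp  nowait  root    /etc/telnetd  telnetd
login   stream  tcp  nowait  root    /etc/rlogind  rlogind
finger  stream  tcp  nowait  nobody  /etc/fingerd  fingerd
"""

def enabled_services(inetd_text):
    """Map service name -> server program for every uncommented entry."""
    services = {}
    for line in inetd_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 6:
            services[fields[0]] = fields[5]
    return services

def unneeded_services(inetd_text, needed):
    """Enabled services missing from the site's list of needed ones."""
    return sorted(s for s in enabled_services(inetd_text) if s not in needed)

def find_rhosts(home_root):
    """Return sorted (relative path, has_wildcard) for each .rhosts file.
    A "+" field trusts any host or any user, so it is flagged."""
    hits = []
    for dirpath, _dirs, files in os.walk(home_root):
        if ".rhosts" in files:
            path = os.path.join(dirpath, ".rhosts")
            with open(path, errors="replace") as fh:
                wildcard = any("+" in line.split() for line in fh)
            hits.append((os.path.relpath(path, home_root), wildcard))
    return sorted(hits)

def demo():
    """Run both checks on constructed data; hypothetical users alice and bob."""
    with tempfile.TemporaryDirectory() as root:
        for user, body in (("alice", "+ +\n"), ("bob", "host.example.edu bob\n")):
            os.makedirs(os.path.join(root, user))
            with open(os.path.join(root, user, ".rhosts"), "w") as fh:
                fh.write(body)
        return unneeded_services(SAMPLE_INETD, {"ftp"}), find_rhosts(root)

if __name__ == "__main__":
    print(demo())
```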



This archive was generated by hypermail 2.0b3 on Thu Mar 09 2000 - 14:44:29 GMT