[ILUG] Advice

[Robert Brown]

On Friday 05 July 2002 15:32, Brian O'Donoghue sent nerve impulses to their 
fingers and typed:
> I setup up a Slackware box as a gateway and firewall recenctly.
>
> Some guy who apparently works for a security company claims to have 'done a
> security probe on our ip' and found that we had a telnet and chargen
> exploit amognst others.
>
>
> The thing is that he is living with one of the other developers I work with
> and I have been asked to reveal the root password for my Slackware box.
>
> <Advice appreciated>
> Bod

Without a doubt theres something dodgy here. I have heard of something similar 
before. A mate of mine was working as an NT admin at a small regional English 
building society and in addition to NT boxes there was a VAX and a few Linux 
boxes (running an estates agents website search type of thing). A COBOL 
consultant the society used frequently claimed he had found a weakness in the 
Linux boxes relating to remote logins, but he would not specify what, but he 
did offer to fix it at a price. Smelling something dodgy the society gave him 
a password with root prvilidges and allowed him in to HQ to fix the problem. 
As soon as he was gone they checked the logs, turns out he done absolutley 
nowt, he opened a few files in /etc and that was about it. For his few hours 
work he wanted £4,000! Instead the building society went to the police and 
had him done with fraud.

-- 
Bye for now,
Robert Brown