[ILUG] SSH dictionary attacks.
paul at clubi.ie
paul at clubi.ie
Thu Aug 24 17:02:29 IST 2006
On Thu, 24 Aug 2006, Badger wrote:
> I was generalising when I said "keystroke logger of sorts" - I was
> actually thinking about some sort of simple logger that you could
> run out of .bash_profile when the user loggers in. Alternatively,
> it could be a wrapper for ssh that you place in the users ~/.bin
> and change their $PATH. In such cases you wouldn't require extra
> privileges.
Yeah, keyloggers are quite possible with same privileges as the
targetted user. Indeed I don't think the user themselves need be able
detect it (but other users could).
IIRC, Colm MacCartaigh (sic) had a write up somewhere about login
script keyloggers..
regards,
--
Paul Jakma paul at clubi.ie paul at jakma.org Key ID: 64A2FF6A
Fortune:
A definition of teaching: casting fake pearls before real swine.
-- Bill Cain, "Stand Up Tragedy"
More information about the ILUG
mailing list