| 1 |
> Alternatively I was running vulnerable/compromised software. My box |
| 2 |
> has sshd running, root login in ssh is not allowed, and pubkey only |
| 3 |
> logins (no passwords). It is behind a wireless router but port 22 is |
| 4 |
> open and pointing to this box, and a few others needed by other |
| 5 |
> applications. So I will check out which keys exist on the compromised |
| 6 |
> machine and make sure I recognize them all. I'll also need to check |
| 7 |
> the status of any other computer my key is stored on (a mix of linux & |
| 8 |
> windows, and my mobile phone). Sigh... |
| 9 |
> |
| 10 |
|
| 11 |
Since you're sshd setup is pretty secure i'd look at other network services. |
| 12 |
What else was running, and were there any servers that were only available |
| 13 |
from the local net (or were less protected from connections from the local |
| 14 |
net) than the Internet? That's the only case where a router compromise would |
| 15 |
assist in attacking your gentoo box. |
| 16 |
|
| 17 |
There have been some web browser based attacks that have come out against |
| 18 |
routers recently. They run the attack on your browser (cross site scripting |
| 19 |
IIRC) to get access to the web interface of the router because that is |
| 20 |
typically not available via the Internet side interface. Then then run a |
| 21 |
password guessing attack. Did your router have a strong password? |
Archives