> Alternatively I was running vulnerable/compromised software. My box
> has sshd running, root login in ssh is not allowed, and pubkey only
> logins (no passwords). It is behind a wireless router but port 22 is
> open and pointing to this box, and a few others needed by other
> applications. So I will check out which keys exist on the compromised
> machine and make sure I recognize them all. I'll also need to check
> the status of any other computer my key is stored on (a mix of Linux &
> Windows, and my mobile phone). Sigh...
>

Since your sshd setup is pretty secure I'd look at other network services.
What else was running, and were there any servers that were only available
from the local net (or were less protected from connections from the local
net) than the Internet? That's the only case where a router compromise would
assist in attacking your Gentoo box.

There have been some web browser based attacks that have come out against
routers recently. They run the attack on your browser (cross-site scripting
IIRC) to get access to the web interface of the router because that is
typically not available via the Internet side interface. Then they run a
password guessing attack. Did your router have a strong password?