| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu Apr 13 00:00:31 2006 From: skodliv at gmail.com (poo) Subject: Shell accounts where i live the wireless networks roam wild, there's no public surveillance and the FBI have zero jurisdiction On 4/12/06, Ron DuFresne <dufresne@...ternet.com> wrote: > > On Tue, 11 Apr 2006 Valdis.Kletnieks@...edu wrote: > > > On Tue, 11 Apr 2006 23:48:41 BST, Ian stuart Turnbull said: > > > Ha Ha. Yes, not a proper fiend hey. But I take it that I would be > anonymous > > > technically. > > > > Nope. > > > > Hint - if you send a packet *out* from the shell account, it's probably > as a > > result of another packet going *in* to the shell account. > > > > Even the stupidest of cops can figure out that "wow - every time a > packet > > heads out from here to the Pentagon, a split second before, a similar > packet > > came in from some bozo on a cablemodem in Idaho. Maybe the Idaho guys > need > > to pay this guy a visit".... > > > > Yes, you can obfuscate it with setting cron jobs and tunnelling data via > covert > > channels and other neat tricks, but the basic point remains - if you > connect > > *to* the shell, you're no longer anonymous, and if you don't connect to > the > > shell, you can't use the shell.... > > > > > > Another issue to consider is that a mere user level shell likely lacks > privs to do some of the nasties referenced in some of these posts. thus, > the friend would not oonly have to allow shell access, but also give away > root on the server as well. > > Just a minor point. > > Thanks, > > Ron DuFresne > -- > "Sometimes you get the blues because your baby leaves you. Sometimes you > get'em > 'cause she comes back." --B.B. King > ***testing, only testing, and damn good at it too!*** > > OK, so you're a Ph.D. Just don't touch anything. > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- smile tomorrow will be worse -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060412/07dc7d36/attachment-0001.html
Powered by blists - more mailing lists