Daniel Roethlisberger daniel at
Sun Oct 7 09:42:15 PDT 2001

Øyvind Repvik <mlists at> wrote:
> The probability of someone skilled trying to hack a system on a
> dialupline is increasingly slim, and *if* that is to happen...
> Well... I guess it's time to rebuild.

hmm it is not just that easy. I don't know what you have on your
boxes, but think of GPG private keys, SSL private certs, SSH
private keys. Even worse, you might not even notice someone broke
in, unless you run tripwire (do you?). An intruder could replace
your ssh client with a trojaned one (remember the break
in?). An intruder could install a sniffer and discover your local
passwords (is your LAN traffic all encrypted?). An intruder could
install a DDoS node. Or hop off your box to do more dangerous
break-ins (.mil, .gov?). Would you notice? :)

I've seen a modem dial-up box of a friend of mine being rooted in
no time. They installed several backdoors, but mostly IRC stuff (a
daemon, eggdrops, war-tools). Kids, judging by what they left
behind, but it could have been much worse..

I'm not saying that a base LFS install can be remotely
compromised. I think that the average finished LFS system is much
more secure than the average RedHat, SuSE, Debian. But it only
takes a single flawed client or daemon and its too late. And -if-
it happens, it's not just going to be like "oh, ok, then I just
rebuild". On my boxes at least, rebuilding would be the very least
of my troubles... ;)


   Daniel Roethlisberger <daniel at>
   PGP Key ID 0x8DE543ED with fingerprint
   6C10 83D7 2BB8 D908 10AE  7FA3 0779 0355 8DE5 43ED

Unsubscribe: send email to listar at
and put 'unsubscribe blfs-support' in the subject header of the message

More information about the blfs-support mailing list