Trojan Found in libpcap and tcpdump

msolnik writes "Members of The Houston Linux Users Group discovered that the newest sources of libpcap and tcpdump available from tcpdump.org were contaminated with trojan code. HLUG has notified the maintainers of tcpdump.org. See our reports here or here."
  • Hrmm (Score:2, Funny)

    by Anonymous Coward on Wednesday November 13, 2002 @09:30AM (#4658425)
    Who would have thought that TCPDUMP would have crap like that in it?
  • Ewww (Score:2, Funny)

    by segfault7375 ( 135849 ) on Wednesday November 13, 2002 @09:34AM (#4658461)

    Trojan Found in libpcap and tcpdump

    I swear, some of these source trees are worse than the canals of Venice. :)
  • by gazbo ( 517111 ) on Wednesday November 13, 2002 @09:47AM (#4658561)
    I was just wondering how long these sources have been available with these many eyes making bugs shallow and so forth? I'm assuming it's less than 1 hour, because as I keep being told, everyone in the open source community checks all source code thoroughly before installing it, which is something that can't be done with closed source.
  • by Anonymous Coward on Wednesday November 13, 2002 @09:51AM (#4658595)
    Easy. Same way it happens to OpenSSH, and the OpenBSD kernel (you know that current revisions of OpenBSD are trojaned all to hell, don't you?)... First you come up with the "killer exploit" this is known in our little community as "0day"... THEN, you exploit the tome of information, be it openbsd.org, kernel.org, tcpdump.org etc.. and insert your code. You can prepare days in advance with your new version, so really, breaking the box is the only real hard part..

    1. wget http://www.foo.com/useful-app.tar.gz

    2. tar -xzf useful-app.tar.gz

    3. vi something.c

    4. tar -cf useful-app.tar.gz useful-app/

    5. md5sum useful-app.tar.gz > useful-app.md5

    6. ./hax0r-the-hell-out-of www.foo.com

    7. scp ~/useful-app.tar.gz www.foo.com/useful-app.tar.gz

    8. scp ~/useful-app.md5 www.foo.com/useful-app.md5

    9. vi /var/log/syslog

    10. ????

    11. pr0fit.

    or if you are openbsd, you bribe a developer for their commit access.. or you break the developer's box..

    isn't hacking for world domination fun?
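
The comment above has the replaced tarball and its regenerated md5 file served from the same host, which is why a co-hosted checksum proves nothing after a server compromise. The following is an added example, not part of the original comment: it compares that check with a digest pinned through another channel and with a comparison across mirrors. The byte strings, the mirror hostnames and all function names are constructed for illustration.

```python
import hashlib
import hmac
from collections import Counter

# Constructed stand-ins for the tarball bytes; the file and host names
# reuse the comment's useful-app.tar.gz / www.foo.com placeholders.
CLEAN = b"useful-app 1.0 release tarball (constructed sample)"
TAMPERED = CLEAN + b"\n/* one edited source file */"

def digest(data, algo="sha256"):
    return hashlib.new(algo, data).hexdigest()

# The .md5 served next to the tarball: whoever replaced the tarball can
# regenerate it, so it always matches what the server hands out.
COHOSTED_MD5 = digest(TAMPERED, "md5")

# Assumption: a digest recorded earlier through a different channel
# (signed announcement, distro metadata, a previous trusted download).
PINNED_SHA256 = digest(CLEAN)

def matches_cohosted(data, cohosted_md5):
    return hmac.compare_digest(digest(data, "md5"), cohosted_md5)

def matches_pinned(data, pinned_sha256):
    return hmac.compare_digest(digest(data), pinned_sha256)

def mirror_outliers(observed):
    """observed maps host -> sha256 of the file that host served.
    Returns hosts that disagree with a strict majority, or every host
    when no strict majority exists (nothing can be trusted then)."""
    if not observed:
        return []
    top, count = Counter(observed.values()).most_common(1)[0]
    if count * 2 <= len(observed):
        return sorted(observed)
    return sorted(h for h, d in observed.items() if d != top)

if __name__ == "__main__":
    print("co-hosted md5 accepts download:", matches_cohosted(TAMPERED, COHOSTED_MD5))
    print("pinned sha256 accepts download:", matches_pinned(TAMPERED, PINNED_SHA256))
    seen = {
        "www.foo.com": digest(TAMPERED),       # primary site
        "mirror-a.example": digest(CLEAN),     # hypothetical mirrors
        "mirror-b.example": digest(CLEAN),
    }
    print("hosts serving a different file:", mirror_outliers(seen))
```
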
  • ...wait...never mind.
  • by phaze3000 ( 204500 ) on Wednesday November 13, 2002 @09:58AM (#4658648) Homepage

    It's the one problem with the open-source community - there's no-one to pay me to pay my staff for the lost man-hours caused by this.

    I couldn't agree more, if those cheap-arsed hippies who write Linux would only pay up when there's a problem with their software like reputable commercial companies like Micros.. err, Oracl.. err actually, forget it.

  • I thought the whole idea of the GPL was that you could take a program and modify it to your own needs so long as you release the source back to the community under the same license.

    Sounds like that's what happened here!
  • by teqo ( 602844 ) on Wednesday November 13, 2002 @10:31AM (#4658918) Journal
    apt-get update...
    well, I have not installed these sniffing proggies, so it should be okay.

    Darn... apt-get even makes your box more secure than before even if you haven't actually installed the bad packages? This must be the Holy Grail! And it should be okay? Not only that you have not installed tcpdump and libpcap, what definitely makes it okay, you don't even trust apt-get to really solve your (non-existing) problem... Now I wanna join the apt-get cult... Where can I register?

    I bet you recommend penicillin over other medicine even when you got no infection! Or do you use apt-get then as well? Doesn't make any difference anyway...

    (For the record: I use Debian GNU/Linux among other stuff...)

  • by djtack ( 545324 ) on Wednesday November 13, 2002 @10:42AM (#4658996)
    And looking through his user profile [slashdot.org], he's also a rocket scientist. Wow.
  • by OrangeSpyderMan ( 589635 ) on Wednesday November 13, 2002 @10:43AM (#4659001)
    If you read the article more carefully, you will notice that the binaries aren't trojaned.

    Phew, glad to hear that, I was worried the trojaned sources actually built trojaned binaries - glad you got that cleared up for us.
  • More (Score:2, Funny)

    by Anonymous Coward on Wednesday November 13, 2002 @10:44AM (#4659011)
    ...as a rocket scientist I feel most compelled to answer
    http://slashdot.org/comments.pl?sid=44937&cid=4658776

    ...I run a successful London-based dot com
    http://slashdot.org/comments.pl?sid=44933&cid=4658433

    ... As a lawyer myself, I can state that
    http://slashdot.org/comments.pl?sid=44912&cid=4658097

    ... I'm an avid open-source supporter
    http://slashdot.org/comments.pl?sid=21128&cid=2238414

    ...I am an avid supported of the open-source movement [sounds familiar? that's because it is -ed]
    http://slashdot.org/comments.pl?sid=20824&cid=2207372

    ...I'm an avid supported of the open source movement [we know -ed]
    http://slashdot.org/comments.pl?sid=20761&cid=2204471

    ... I am a passionate supported of the open-source movement [geez -ed]
    http://slashdot.org/comments.pl?sid=20760&cid=2204422

  • by forged ( 206127 ) on Wednesday November 13, 2002 @10:50AM (#4659069) Homepage Journal
    The guy is good, isn't he 8-}

    This reminds me of this one time when I chatted this girl on IRC. Oh wait.....

  • by SirAnodos ( 463311 ) on Wednesday November 13, 2002 @11:03AM (#4659188)
    I'm telling you, this is Microsoft's new tactic for attacking open source. Make people afraid of it, and they will run in terror.
  • by bellings ( 137948 ) on Wednesday November 13, 2002 @11:05AM (#4659203)
    Now - who has most to gain from a highly visible trojan that's in fact virtually useless - Microsoft.

    No! It's John Ashcroft! This is just the first step towards the Brave New World Order, as correctly foretold on that ground-breaking show "The X-Files."

    Before Chris Carter and David Duchovny were eliminated and replaced with robotic clones by the old CIA lackeys of George Bush Senior, that show was the only thing on television that really explained what was going on in the world. There was a brief attempt by the FOX network to continue feeding you important news about technology and politics, but the Lone Gunmen show was quickly eliminated by the evil forces...
  • Re:prison (Score:1, Funny)

    by Anonymous Coward on Wednesday November 13, 2002 @11:06AM (#4659211)
    Goddamn, just because they might be loaded with more trojans than you'll ever need, spying on all of your important works, please, please use a closed-source spell-checker, this OS one appears to be faulty.

    Reading that text was just plain painful.
  • by luismunoz ( 254664 ) on Wednesday November 13, 2002 @11:08AM (#4659234) Homepage
    [Insert the obligatory joke about /. slashdotting this server too] :)
  • by Anonymous Coward on Wednesday November 13, 2002 @11:44AM (#4659652)
    5. Get the source, audit it line by line, and then build it when you know it's safe.

    6. Don't bother downloading packages, write your own ;-) /me don't trust any code I don't write...guess I should get started on the kernel!
  • by Anonymous Coward on Wednesday November 13, 2002 @12:06PM (#4659951)
    Yeah, that girl on IRC was probably Jazzman.
  • by dbarclay10 ( 70443 ) on Wednesday November 13, 2002 @12:56PM (#4660501)
    People using source for security who are in category 1 or 2 are just fooling themselves.
    You know that. I know that. Try telling THEM :) (Where "THEM" includes my boss, who makes me compile everything from source [and for Christ's sake, I maintain packages in the Debian archive!], but won't pay me or anybody else to actually *audit* the source, god-damnit.)
