Today I received a call from security officer telling me that the /etc/passwd file of one machine was truncated (0 byte). The same happened with /etc/group a couple of days before.
I tried to trace the cause but I had no success... can someone please give me a clue where should I look for?
I'm running Red Hat 5.7 x86_64.
Is it possible to restore a connection that is in state TIME_WAIT?
If not, I use raw packets (forgering the source), is it possible?
(Please understand that I do not intend to do bad things, it's just a matter of curiosity)
___ ___
| | (connecting using "hxsr") | |
| A | -----------------------------> P1 | B |
|___| -----------------------------> P2 |___|
P1 = Private key 1 from user "hxusr" from machine A
P2 = Private key 2 from user "hxusr" from machine A
As you can see I have only "hxusr" user in machine A and machine B, but I want to have to access machine B using 2 different private keys from machine A.
Is this possible?