[ale] an attack,, question of curiosity

Stephen Lastinger s.lastinger at computernetdesign.com
Tue Aug 7 23:13:28 EDT 2001


My $5 says script kiddie with an automated sweep search and crack app.  I
wouldn't take it personally.  If you'd really pissed off a true black hat
and it was a personal attack against you, you would never have known he was
there (unless later on he got so damn drunk....er, it's been known to
happen).  If it's the same guy then another $2 says he's just sweeping the
blocks of IPs of your ISP.

Kill all unnecessary/unused/insecure processes from /etc/inetd.conf, check
/etc/rc.'whatever_your_distro_uses'.  Double check your system with a good
port scanner to see what's still listening, check your system logs
regularly, make sure the daemons you do use are up to date, and if a
bug is found, suspend the service until a secure update is provided (of
course that's if this is possible; in some cases it is not), make regular
backups, and for god's sake **never ever ever** use a clear text
communication protocol (telnet, r-services, etc) and authenticate over
an unencrypted net connection!

If you're communicating from a classroom or lab workstation to your home
machine......well lord only knows what's on that box!  Or on another
untrusted box on the network.....opens up a whole new slew of
possibilities....

-Stephen

--
Stephen Lastinger        - s.lastinger at computernetdesign.com
Computer Network Design,Inc.  - http://www.computernetdesign.com


On Tue, 7 Aug 2001, Stephen Turner wrote:
> From: Stephen Turner <artic_knight at yahoo.com>
> Subject: [ale] an attack,, question of curiosity
>
> eh, im new and im naive to some of the concepts of
> linux :P anyways one day i left my computer on as i
> went to school, (tech) i wanted to fool with lilo some
> during my boring class... well i forgot to write my
> ip, when i came home my Knight user could not use x
> windows so i logged out and checked root, root had a
> mail message that bounced due to a full mailbox the
> address was gh0st at altivista.net this burned me up cuz
> the reason x would not work is the logs were deleted.
> i reinstalled everything paranoid someone may have
> modified my computer for the worse er something.. not
> like it would have mattered much anyways. (i do very
> little with this computer) after the reinstall i tried
> it again... going to school that is with the computer
> on... this time he left the message again (blank
> email) but did not bother to del my logs.... is this a
> worm or a user? my ip had changed due to dhcp so did
> he track me down?
>
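
An added example, not part of either post: a shell sketch of the /etc/inetd.conf check recommended in the reply above, listing which services are still enabled and flagging the clear-text ones. The service list, function names and sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Clear-text services to flag (an assumed list; extend it for your system).
# In inetd.conf, shell/login/exec are the rsh/rlogin/rexec r-services.
CLEARTEXT="telnet shell login exec ftp tftp"

# audit_inetd FILE -> one line per enabled entry:
#   "CLEARTEXT <service> <proto>" or "ENABLED <service> <proto>"
audit_inetd() {
    awk -v bad="$CLEARTEXT" '
        BEGIN { n = split(bad, a, " "); for (i = 1; i <= n; i++) risky[a[i]] = 1 }
        /^[ \t]*#/ || NF < 6 { next }   # skip comments, blanks, malformed lines
        { print (($1 in risky) ? "CLEARTEXT" : "ENABLED"), $1, $3 }
    ' "$1"
}

# count_cleartext FILE -> number of enabled clear-text services
count_cleartext() {
    audit_inetd "$1" | awk '$1 == "CLEARTEXT" { n++ } END { print n + 0 }'
}

# Constructed sample input (not taken from the poster's machine).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# constructed inetd.conf sample
ftp     stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp  nowait  root  /usr/sbin/tcpd  in.telnetd
#shell  stream  tcp  nowait  root  /usr/sbin/tcpd  in.rshd
login   stream  tcp  nowait  root  /usr/sbin/tcpd  in.rlogind
time    dgram   udp  wait    root  internal
EOF

audit_inetd "$SAMPLE"
echo "clear-text services still enabled: $(count_cleartext "$SAMPLE")"
```

On a real system, point audit_inetd at /etc/inetd.conf, comment out whatever it flags, and signal inetd to reload its configuration.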

