[CLUE-Tech] Lousy no-good @!$#%@#$% (cracked)
Randy Arabie
rrarabie at arabie.org
Mon Jan 28 21:11:51 MST 2002
On Mon, 28 Jan 2002, Sean LeBlanc wrote:
> I also scribbled down the IP numbers from where some of the logins took
> place. Is there anything I can do in retaliation?
You can notify the network that those machines belong to, and attempt to
notify the person who admins the machines themselves. Chances are they are
cracked boxes and the admins are not aware of that. But, I wouldn't expect
anything to come out of your efforts.
The .ro domain is Romania, notorious for crackers and script kiddies.
> Prior to attack, I was running some services which I know I shouldn't have
> been, at least not without denying packets from outside - bind, smbd, nmbd,
> identd.
That negates the point of having a firewall....a lesson learned the hard way.
> I planned on swapping out this machine, and putting in its place OpenBSD
> (and a very bare installation, at that); now I guess that is higher up on
> the priority list - but in the meantime, I'd like some stopgap measure to
> keep this punk out. I have to at least download the OpenBSD ISO and get some
> hardware in order before I can do what I really need to do to stop this
> nonsense.
Do it now. I'm running an OpenBSD firewall/router, and I couldn't be happier.
I'm still diligent, and happy :-) I followed the directions on the O'Reilly
Networks BSD forum. Go there, and do a search with keywords OpenBSD +
firewall, it will be the #1 hit.
You will need your base system installed prior to following the steps in
that article. When I built mine, I just downloaded the network install
floppy images, and did an FTP install. The box I'm running on doesn't
even have a cdrom drive.
Let me know if I can help out any. I do know the feeling. When I first got
my cable modem up I kept putting off building my firewall box...until
someone cracked my NT box and I couldn't log in!!
If you don't have time to build the OpenBSD box right away, I would suggest
an LRP (Linux Router Project) firewall running on a floppy. You could
probably have that set up in 2 hours or less. Write protect the disk,
let 'em try and crack that! IF someone were to compromise it, well
just reboot, and they are out! Of course, you would want to fix that
vulnerability, but you don't have the luxury of running unnecessary
services on a floppy based system. If you go that route, I would be
happy to offer any advice there too.
Good luck....and by the way, if I were you I would just dump my
essential files off the HD of the cracked box and then wipe it
clean...it's dirty, dirty, dirty.
--
Cheers!
Randy
================================================================
Randy Arabie
GnuPG Key Info --
Fingerprint: 7E25 DFA2 EF72 9551 9C6C 8AA6 6E8C A0F5 7E33 D981
Key ID: 7C603AEF
http://www.arabie.org/keys/rrarabie.gnupg
================================================================