[CLUE-Tech] Lousy no-good @!$#%@#$% (cracked)

Randy Arabie rrarabie at arabie.org
Mon Jan 28 21:11:51 MST 2002


On Mon, 28 Jan 2002, Sean LeBlanc wrote:

> I also scribbled down the IP numbers from where some of the logins took
> place. Is there anything I can do in retaliation?

You can notify the network that those machines belong to, and attempt to 
notify the person who admins the machines themselves.  Chances are they are 
cracked boxes and the admins are not aware of that.  But, I wouldn't expect 
anything to come out of your efforts.

The .ro domain is Romania, notorious for crackers and script kiddies.

> Prior to attack, I was running some services which I know I shouldn't have
> been, at least not without denying packets from outside - bind, smbd, nmbd,
> identd.

That negates the point of having a firewall....a lesson learned the hard way.

> I planned on swapping out this machine, and putting in its place OpenBSD
> (and a very bare installation, at that); now I guess that is higher up on
> the priority list - but in the meantime, I'd like some stopgap measure to
> keep this punk out. I have to at least download the OpenBSD ISO and get some
> hardware in order before I can do what I really need to do to stop this
> nonsense.

Do it now.  I'm running an OpenBSD firewall/router, and I couldn't be happier.
I'm still diligent, and happy :-)  I followed the directions on the O'Reilly 
Networks BSD forum.  Go there, and do a search with keywords OpenBSD + 
firewall, it will be the #1 hit.

You will need your base system installed prior to following the steps in 
that article.  When I built mine, I just downloaded the network install 
floppy images, and did an FTP install.  The box I'm running on doesn't 
even have a cdrom drive.

Let me know if I can help out any.  I do know the feeling.  When I first got 
my cable modem up I kept putting off building my firewall box...until 
someone cracked my NT box and I couldn't log in!!

If you don't have time to build the OpenBSD box right away, I would suggest 
an LRP (Linux Router Project) firewall running on a floppy.  You could 
probably have that set up in 2 hours or less.  Write protect the disk,
let 'em try and crack that!  IF someone were to compromise it, well 
just reboot, and they are out!  Of course, you would want to fix that
vulnerability, but you don't have the luxury of running unnecessary 
services on a floppy based system.  If you go that route, I would be 
happy to offer any advice there too.

Good luck....and by the way, if I were you I would just dump my 
essential files off the HD of the cracked box and then wipe it 
clean...it's dirty, dirty, dirty.

-- 

Cheers!

Randy

================================================================
Randy Arabie
GnuPG Key Info -- 

 Fingerprint: 7E25 DFA2 EF72 9551 9C6C  8AA6 6E8C A0F5 7E33 D981
 Key ID: 7C603AEF
 http://www.arabie.org/keys/rrarabie.gnupg
================================================================
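One way to express the "deny packets from outside" policy on the OpenBSD firewall/router Randy recommends, as an added example rather than anything from this post or the O'Reilly article: the interface names, the LAN prefix, and the use of current pf syntax (not the 2002 release the post refers to) are assumptions.

```conf
# /etc/pf.conf -- constructed example; interface names and LAN prefix are assumptions
ext_if  = "em0"             # cable-modem side
int_if  = "em1"             # LAN side
lan_net = "192.168.1.0/24"  # the old box now lives behind the router, on this net

set skip on lo
set block-policy drop       # drop silently instead of answering with RST/unreachable

# Packets claiming a private or loopback source have no business arriving from the cable modem.
table <martians> const { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 127.0.0.0/8 }
block in  quick on $ext_if from <martians>
block out quick on $ext_if to   <martians>

# Hide the LAN behind the router's public address.
match out on $ext_if inet from $lan_net nat-to ($ext_if)

# Default deny inbound on the outside interface, logged to pflog0 so you can see who is knocking.
block in log on $ext_if

# The services the cracked box had exposed: DNS (bind), SMB/NetBIOS (smbd/nmbd), identd.
# The default deny already covers them; listing them 'quick' keeps them closed even if
# someone later adds a broad 'pass in' rule further down.
block in quick on $ext_if proto tcp to port { 53, 113, 139, 445 }
block in quick on $ext_if proto udp to port { 53, 137, 138 }

# Outbound traffic from the LAN and the router is allowed and tracked statefully,
# so replies return without any inbound 'pass' rule on $ext_if.
pass out on $ext_if inet keep state

# LAN hosts may reach the router and each other, including the services above.
pass in on $int_if inet from $lan_net
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`, and watch the logged blocks with `tcpdump -n -e -ttt -i pflog0` to see which outside addresses are still probing those ports.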