[CLUE-Tech] Lousy no-good @!$#%@#$% (cracked)

Randy Arabie rrarabie at arabie.org
Mon Jan 28 21:52:21 MST 2002


On Mon, 28 Jan 2002, Sean LeBlanc wrote:

> > > ftp www.marianhome.go.ro
> > 
> > This is an address under the control of rdsnet.ro (Romania),
> > which looks to be a hosting company. Possibly this cracker has
> > a site hosted there, or has cracked another account there.
> 
> Why would he be so stupid to ftp to something he already cracked, or
> actually ftp to a site that he is associated with? Pretty dumb, but he did
> slip up other places, too, as I mentioned before. Shutting off sshd was
> especially stupid.

That's the way they work, oftentimes.  If you ever have the time, read the 
white papers put out by the HoneyNet project at:

http://project.honeynet.org/

These are very educational, especially if you have any interest in how 
crackers and script kiddies operate, and how to stop them.

> > What are the IPs?
> 
> 193.231.202.163 and 
> 193.109.122.5
> 
> > What distro, version, etc. are you using?
> 
> RH 6.1 

The default version of BIND with that distro is vulnerable, as well as lpr, 
and other packages too, I'm sure.

-- 

Cheers!

Randy

================================================================
Randy Arabie
GnuPG Key Info -- 

 Fingerprint: 7E25 DFA2 EF72 9551 9C6C  8AA6 6E8C A0F5 7E33 D981
 Key ID: 7C603AEF
 http://www.arabie.org/keys/rrarabie.gnupg
================================================================




