[CLUE-Tech] Lousy no-good @!$#%@#$% (cracked)

Sean LeBlanc seanleblanc at attbi.com
Tue Jan 29 05:51:14 MST 2002


On 01-28 22:16, Kevin Cullis wrote:
> Sean,
> 
> I just saw a program just the other day on PBS (I think) about computer
> security and the Defense Department (I think) tried hacking into 8192
> computers.  Guess what? Out of all of those computers, only 1/2 of 1%
> actually knew that they had been hacked and 1/4 of 1% actually notified
> CERT about it.  So, you're not alone, but you're ahead of the game.

Heh. Does that make our government a terrorist state now? :) I guess what is
good for the goose is not good for the gander.

I wonder if those stats are skewed somewhat by companies or individuals
worried about PR issues.

> > 
> > Well, I've been noticing weird things on my firewall box since Friday.  I
> > wasn't able to SSH in several times, had to turn it on from the console,
> > only to discover hours later or next day it's not working again. So this
> > morning I'm eating my bagel and coffee before work and I decide to try SSH
> > again.  It's not on. So I start getting suspicious (finally) and decide to
> > snoop about for any foul play - sure enough, I've been cracked. I've been
> > pretty lazy about setting up ipchains to block things that I should be
> > blocking. I am guessing that this jackass is trying to make my box part of a
> > DDoS attack when the word comes via IRC. Here's at least a partial log of
> > what he did (from .bash_history) from an account called marian he made on
> > the box (with user id of 0):
> > 
> > So, any advice anyone has would be great. I ran Bastille scripts on this
> > machine once before, I may do that again, too...I changed a few things since
> > last I ran it, so it sure couldn't help.
> > 
> > I planned on swapping out this machine, and putting in its place OpenBSD
> > (and a very bare installation, at that); now I guess that is higher up on
> > the priority list - but in the meantime, I'd like some stopgap measure to
> > keep this punk out. I have to at least download the OpenBSD ISO and get some
> > hardware in order before I can do what I really need to do to stop this
> > nonsense.
> >

-- 
Sean LeBlanc:seanleblanc at attbi.com Yahoo:seanleblancathome 
ICQ:138565743 MSN:seanleblancathome AIM:sleblancathome 
If you want a thing done well, do it yourself. 
-Napoleon Bonaparte 
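
The quoted message describes an intruder-created account (marian) with user id 0. As an added example, not part of the original post, this is a triage check that flags such accounts in a passwd-format file; the function names and all sample lines other than the marian/uid 0 detail are constructed for illustration.

```shell
#!/bin/sh
# Audit a passwd-format file for signs of a backdoor account:
#   UID0    - an account other than root with uid 0 (the case in the post)
#   DUPUID  - two account names sharing one uid
#   EMPTYPW - an empty password field
# Usage: audit_passwd [file]   (defaults to /etc/passwd, "-" reads stdin)
audit_passwd() {
    awk -F: '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        NF < 7 { printf "MALFORMED line %d\n", NR; next }
        {
            name = $1; pw = $2; uid = $3
            if (uid == 0 && name != "root")
                printf "UID0 %s shell=%s\n", name, $7
            if (uid in seen)
                printf "DUPUID %s shares uid %s with %s\n", name, uid, seen[uid]
            else
                seen[uid] = name
            if (pw == "")
                printf "EMPTYPW %s\n", name
        }
    ' "${1:-/etc/passwd}"
}

# Constructed sample input: only the marian account with uid 0 comes from the post.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
sean:x:500:500::/home/sean:/bin/bash
marian:x:0:0::/home/marian:/bin/bash
guest::501:501::/home/guest:/bin/bash
EOF
}

# Run the audit over the constructed sample.
sample_passwd | audit_passwd -
```

On a box that is already compromised, run a check like this against the passwd file from trusted media, since the installed awk and shell may have been replaced.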