[lug] Attempted hack from 202.185.243.121

Daniel Webb webb at robust.colorado.edu
Mon Apr 22 22:04:23 MDT 2002


As for the "wall of shame", I get way over half of all my hack attempts
from "wanadoo.fr", which I have been told is the main ISP in France.
Back a little over a year ago (when I was
using Redhat), I was hacked from France.  The exploit was known, but
without buying Redhat's update service, there was no practical way for me
to know about it.  I searched their errata site and filed a bug report
because it was not there.  Needless to say that gave me a bad taste in my
mouth regarding Redhat.  The UnixOps guys that helped me track down the
problem said that basically everyone on the CU campus running Redhat has
been hacked at one time or another.

No doubt I can still be hacked, but at least it won't be from a six month
old remote exploit that was long ago fixed.


On Mon, 22 Apr 2002, Paul Bille wrote:

> > I get stuff like this all day long . . .
>
> Thanks Daniel.
>
> I guess I have too much time on my hands.  Anyone know where I can find some
> work to occupy my time and fill out my check book?
>
> In the mean while, it's not a futile effort.  I received a note from
> abuse at jaring.my confirming they had identified the source and advised the
> network administrator to take action.
>
> There may be value in creating a "Wall of Shame"; a database of known
> abusers.  If we compile a list of sources for these kinds of attacks, maybe
> we can discourage them.  Initially accumulating the IPs for attacks would
> allow us to identify ISPs with lax security.  Ultimately it would be
> desirable to tie attacks directly to authors by name.  Reputation, good or
> bad is a social contract that holds people accountable for their actions.
>
> Thanks,
> Paul
> http://bille.cudenver.edu/author
>
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>




More information about the LUG mailing list