[lug] Interesting Crash Report

D. Stimits stimits at idcomm.com
Wed Mar 21 14:48:31 MST 2001


rm at mamma.varadinet.de wrote:
> 
> On Wed, Mar 21, 2001 at 01:39:47PM -0700, D. Stimits wrote:
> [..]
> >
> > I'd turn over information to the police or FBI. Even if they can't prove
> > where they were from, the code collection would be interesting. Or if
> > not to the police, there are several security organizations that collect
> > info such as that, e.g., www.securityportal.com.
> 
> Hmm, the local admin wanted to do that (he discovered the break-in
> but wanted me to have a look at it--he's an English teacher who does
> the admin stuff because nobody wants to do it :-/). I advised him
> to first contact some local CERT and some pros at his ISP. The ISP
> strongly advised to _not_ pull in the police. Little chance to get
> someone competent but they would certainly confiscate the server and
> that would leave the school without internet connection. Oh, I forgot
> to mention that the school is in Austria where certain administrative
> things take slightly longer than in the rest of the world ;-)

To prosecute, I understand you need to offer the hard drive or an image
of it without modifying it to remove things. But to make use of the
information, you probably could just contact unofficial sources that are
in the security business, e.g., securityportal.com, and they would have
the information and publicize how to break the crack.

> 
> The initial break-in was via the well-known named bug. Looking at
> all those named exploits, V. Venema's idea of _not_ announcing
> security problems of named to the general public (only to selected
> persons) sounds extremely scary. Time to look for a substitute.
> Well, the incident is a nice reason for a drive into the Alps
> and a day of installing Debian (I'm fed up with the SuSE on the
> server, 'apt-get update' is sooo much more easy for mere mortals).
> 
>  Ralf
> 
> >
> > FYI, while I was working on emails here, I had one attempted stealth
> > scan from:
> > Name:    171cm187.hkcable.com.hk
> > Address:  61.10.171.187
> >
> >
> > >
> > >  Ralf
> > > _______________________________________________
> > > Web Page:  http://lug.boulder.co.us
> > > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug


