[lug] What do you do about hackers (in the current sense of uninvited obnoxious intruders)

D. Stimits stimits at idcomm.com
Sun Apr 14 15:01:33 MDT 2002


Paul Bille wrote:
> 
> >> ran 89 probes in the minute
> >  Sounds like nessus or something similar.
> 
> I'm not familiar with nessus.  Is that the name of a root kit?
> 
> > Save your time for something more fun! t-online is Germany's largest provider
> > (former state telecom a.k.a. "Deutsche Bundespost") . . .  In my experience
> > t-online couldn't care less
> 
> Guess you're right.  The scans continue to come in today.  I only got one
> probe last night and it came from, you guessed it, t-online.
> 
> 80.128.92.126 - - [14/Apr/2002:05:22:11 -0600] GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1 404 319
> 80.128.92.126 - - [14/Apr/2002:05:22:12 -0600] GET /scripts/.%252e/.%252e/winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1 404 322
> 
> Name:    p50805C7E.dip.t-dialin.net
> Address:  80.128.92.126

A big problem is that if someone was cracked on a domain, you can bet
the entire domain had been scanned, and the domain is probably full of
other cracked boxes. This is on top of dynamic IPs, so it complicates
things. I don't know if this was the same IP within that domain as
before, but if not, perhaps they did close the 1 down...and only another
hundred cracked boxes left. Or there is the case of the end owner that
doesn't do anything, versus the ISP not notifying them. And of those end
owners who do something, if they simply reinstall the same way as before
they get opened right back up by the same cracker. But I still say that
"resistance is not futile". If you cause a cracker to need too much
effort or to realize they have someone watching them, there is a
reasonable chance they will move on to someone else and leave you alone.
If everyone says it is futile and simply does nothing about it, there is
no chance for things to do anything other than get worse.

D. Stimits, stimits at idcomm.com

> 
> Paul
> http://bille.cudenver.edu/author
> 
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
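
The two requests quoted in this message hide their `..` path segments behind an overlong UTF-8 slash (`%c0%af`) and double percent-encoding (`%252e`), so a plain search of the access log for `../` misses both. The following is an added example, not part of the original thread: a small log check that normalizes the request path before testing it. The function names and the third, benign log line are constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Layout of the log lines quoted in the post (request field is not in quotes).
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] \S+ (\S+) \S+ (\d{3}) \S+$')
# Overlong 2-byte UTF-8: lead byte C0/C1 plus a continuation byte hides an ASCII char.
OVERLONG = re.compile(rb'[\xc0\xc1][\x80-\xbf]')

def normalize(target, max_rounds=5):
    """Percent-decode until stable (catches %252e), then fold overlong UTF-8."""
    data = target.encode('latin-1')
    for _ in range(max_rounds):
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break
        data = decoded
    data = OVERLONG.sub(
        lambda m: bytes([((m[0][0] & 0x1F) << 6) | (m[0][1] & 0x3F)]), data)
    return data.decode('latin-1').replace('\\', '/').lower()

def classify(line):
    """Return a finding dict for a traversal probe, or None for anything else."""
    m = LINE.match(line.strip())
    if not m:
        return None
    ip, when, target, status = m.groups()
    path = normalize(target).split('?', 1)[0]
    if '..' not in path.split('/'):
        return None
    return {
        'ip': ip, 'when': when, 'path': path,
        # True when the raw request had no literal ".." segment to match on.
        'encoded': '..' not in target.split('?', 1)[0].split('/'),
        # A 404 means the probe missed; any 2xx needs a closer look.
        'served': status.startswith('2'),
    }

# The two requests from the post (wrapped lines rejoined), plus one
# constructed benign request from a documentation address.
SAMPLE = """\
80.128.92.126 - - [14/Apr/2002:05:22:11 -0600] GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1 404 319
80.128.92.126 - - [14/Apr/2002:05:22:12 -0600] GET /scripts/.%252e/.%252e/winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1 404 322
192.0.2.10 - - [14/Apr/2002:05:30:00 -0600] GET /index.html HTTP/1.1 200 1043
"""

def scan(text):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, text.splitlines()) if f]

if __name__ == '__main__':
    for finding in scan(SAMPLE):
        print(finding)
```

Both quoted requests normalize to the same path, and the `served` field separates probes that got a 404 from any that the server actually answered.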
