I was looking through some logs from a net node I don't use much here about
three days ago...I found that some subhuman POS was hitting my other
WRT300-N like a 25cent ho... Whoever it was evidently wasn't smart enough to
route their IP through multiple points, much less black hole it...
I don't like that crap. I have a big problem with anyone who feels like
messing with me in person or my tech online...especially if they aren't
creative enough to even attempt to hide themselves...
I have had to spend the last few days trying various things...out of nothing
more than malevolent, hate-filled revenge...but I finally nailed the
prick...(ip withheld...'cause perfect paranoia is perfect awareness)
Apparently the "person" (used very loosely) was running Solaris...I first
tried various easy RDP and MSMSGR exploits (before I found out OS), but to
no avail..so I attempted some assorted 'Nix exploits, and got a hit with the
port 23 telnet 'sploit....which is Solaris exclusive AFAIK...
Haha...I hope they like their nicely wiped system. :-D
I should have just flashed their BIOS with garbage, or upped their proc and
RAM voltage to absurd levels...but I'm not *that* mean...
Backhacking can be fun...but I'd rather POV....and now that they are
occupied for the next few days, trying to figure out just WTF exactly
happened, I can. ;-D
Since this incident I have become tempted to set up a 'nix box just to act
as a firewall...maybe even positioned after a fireBox or cisco PIX firewall
box...
One cannot be too safe...stupid teenagers and their scripts...(stupid vista
too [HP used on the comp on that node]...gentoo time perhaps...?)
...2600
ian
On Tue, 17 Mar 2009 00:28:18 -0400, [GDS|Entropy] wrote:
> Apparently the "person" (used very loosely) was running Solaris...I
> first tried various easy RDP and MSMSGR exploits (before I found out
> OS), but to no avail..so I attempted some assorted 'Nix exploits, and
> got a hit with the port 23 telnet 'sploit....which is Solaris exclusive
> AFAIK...
Given that it was open to this hack, gotta make you wonder if someone
else had owned the machine and was using it as a launching off point to
cover their tracks and you toasted someone's machine who was innocent of
trying to hack your systems....
Jim
True..
But then again, even if that were so, at least that person is backdoor free
now. ;-)
Given the lack of any major brand name apps in that system, I doubt it was a
commercial machine. It was probably just a system some plebe set up to mess
around in. After all, who would want Solaris if not to run a major app on?
Solaris sucks. There aren't many apps that run on it either.
ian
"Jim Henderson" <nos### [at] nospamcom> wrote in message
news:49bf3147$1@news.povray.org...
> On Tue, 17 Mar 2009 00:28:18 -0400, [GDS|Entropy] wrote:
>
>> Apparently the "person" (used very loosely) was running Solaris...I
>> first tried various easy RDP and MSMSGR exploits (before I found out
>> OS), but to no avail..so I attempted some assorted 'Nix exploits, and
>> got a hit with the port 23 telnet 'sploit....which is Solaris exclusive
>> AFAIK...
>
> Given that it was open to this hack, gotta make you wonder if someone
> else had owned the machine and was using it as a launching off point to
> cover their tracks and you toasted someone's machine who was innocent of
> trying to hack your systems....
>
> Jim
>
[GDS|Entropy] wrote:
> Solaris sucks. There aren't many apps that run on it either.
Except the enterprise stuff the owner wrote for himself to run his business.
I don't imagine Google has many commercial apps in their servers, but I
don't think Google would be happy having their machines wiped either.
--
Darren New, San Diego CA, USA (PST)
My fortune cookie said, "You will soon be
unable to read this, even at arm's length."
[GDS|Entropy] wrote:
> True..
>
> But then again, even if that were so, at least that person is backdoor free
> now. ;-)
>
> Given the lack of any major brand name apps in that system, I doubt it was a
> commercial machine. It was probably just a system some plebe set up to mess
> around in. After all, who would want Solaris if not to run a major app on?
> Solaris sucks. There aren't many apps that run on it either.
>
> ian
So long as you keep in mind what you did could be considered criminal.
Even if you did it to retaliate against someone who was trying to hack you.
--
~Mike
On Tue, 17 Mar 2009 01:20:38 -0400, [GDS|Entropy] wrote:
> True..
>
> But then again, even if that were so, at least that person is backdoor
> free now. ;-)
Well, hopefully they didn't store any critical data on it either. If
they have an external IDS in place (or perhaps if it were a honeypot),
then just maybe they could come after you. Nothing like having a
wonderful plan blow up in your face, you know.
> Given the lack of any major brand name apps in that system, I doubt it
> was a commercial machine. It was probably just a system some plebe set
> up to mess around in. After all, who would want Solaris if not to run a
> major app on? Solaris sucks. There aren't many apps that run on it
> either.
There are plenty of people who use Solaris for a number of tasks. Your
opinion of the OS really isn't relevant to their choice, and the fact
that you "backhacked" the site really says more about you than it does
about them, doesn't it?
Jim
On 17-3-2009 19:55, Mike Raiford wrote:
> [GDS|Entropy] wrote:
>> True..
>>
>> But then again, even if that were so, at least that person is backdoor
>> free now. ;-)
>>
>> Given the lack of any major brand name apps in that system, I doubt it
>> was a commercial machine. It was probably just a system some plebe set
>> up to mess around in. After all, who would want Solaris if not to run
>> a major app on? Solaris sucks. There aren't many apps that run on it
>> either.
>>
>> ian
>
> So long as you keep in mind what you did could be considered criminal.
I think 'could' may depend on the country Ian is in and the server was
in. I.e. I don't rule out there are countries where this is not a crime,
but in most countries it is a criminal act. Checking: hmm, Raleigh NC,
USA. AFAIK it is a criminal act in the USA.
Perhaps Ian should have consulted someone before acting so rash.
> Even if you did it to retaliate against someone who was trying to hack you.
No, it was retaliation against an owner of a system that was used in a
hacking attempt. There is no proof at all that the owner had anything to
do with it. I'd guess 85% that the owner was innocent but is now
missing some months or years of work, let's hope there is a backup.
Some indication may be in how long it takes to get the system running
again, if that is more than a few days, the owner was probably innocent.
I don't have much commercial software on my machine, but that does not
mean that I only use it to mess around. Also note that when we have old
machines running in the lab it often means that some old software runs
on it that was not updated for newer OSes or that it interfaces to old
but vital hardware. Yet they would easily pass Ian's "plebs test".
In short: I am not happy with this.
andrel wrote:
> Perhaps Ian should have consulted someone before acting so rash.
Or at least before broadcasting his confession all over the world. ;-)
--
Darren New, San Diego CA, USA (PST)
My fortune cookie said, "You will soon be
unable to read this, even at arm's length."
andrel wrote:
>
> No, it was retaliation against an owner of a system that was used in a
> hacking attempt. There is no proof at all that the owner had anything to
> do with it. I'd guess 85% that the owner was innocent but is now
> missing some months or years of work, let's hope there is a backup.
> Some indication may be in how long it takes to get the system running
> again, if that is more than a few days, the owner was probably innocent.
>
Misdirected, but his justification is still retaliation. The likely
innocent system was collateral damage. And yep, not legal here in the U.S.
> In short: I am not happy with this.
I agree.
--
~Mike
Darren New wrote:
> andrel wrote:
>> Perhaps Ian should have consulted someone before acting so rash.
>
> Or at least before broadcasting his confession all over the world. ;-)
>
FWIW, I'd frequently get mounds and mounds of attempts against my system
when I was self-hosted... All I could really do was look at the logs and
smile. All of the attempts were directed toward IIS... :-D Fun...
I really couldn't be bothered to do much else. Way too many attempts to
compromise the system to ever get anything done if I reported all of
them, which were probably using other compromised systems anyway.
--
~Mike