[NTLUG:Discuss] crackers

lee lknudsen at usa.alcatel.com
Thu Aug 26 14:50:40 CDT 1999


first intrusion was around 9:00 in the a.m., a failed attempt to do
some kind of NFS mount. couple of 30 minutes or so later were some
kernel error messages and a bunch of gibberish
(E^H^-(E^H^-(E^H^-(E^H^-(E^H^-( type stuff, so i knew something was
up.  then at about 9:30pm or so, i noticed ROOT LOGIN from tailing
the system logs, and it wasn't me.  after about 30-60 secs of sheer
panic, i was about to %/sbin/ifdown eth0 but he was gone by then. 
guess i just shoulda reached up and unplugged the ethernet cable
instead.

first two intrusions were from different ip addys from home.com
somewheres up near buffalo ny and the last one came from
jaguarsystems.com dialup service in jersey.

i could go on, but if y'all are really interested in a crack autopsy
i could post what remains of the logs and some other interesting
stuff later this evening

-- lee

Greg E wrote:
> 
> Do you know how they got in, telnet?, news?, ftp? or what?
> 
> I just got mine hooked up last night (ISDN) and I'm not sure how secure I
> am yet.
> 
> Greg E
> 
> Lee Knudsen wrote:
> >
> > don't you just hate it when you have your cable modem up-and-running
> > for LESS THAN FIVE DAYS and some cracker from jersey finds his way
> > into your system and gets root access and deletes /var/log/* ??
> > man, i *hate* it when that happens!
> >
> >
> > -- lee
> >
> 

-- 
      _
    _| ~-     Lee Knudsen
    \,  _}    Lee.Knudsen at usa.alcatel.com
      \(      lee at brave.com
100% of the shots you don't take don't go in.
				- Wayne Gretzky



