[lug] Interesting Crash Report

rm at mamma.varadinet.de
Wed Mar 21 14:16:49 MST 2001

On Wed, Mar 21, 2001 at 01:39:47PM -0700, D. Stimits wrote:
> I'd turn over information to the police or FBI. Even if they can't prove
> where they were from, the code collection would be interesting. Or if
> not to the police, there are several security organizations that collect
> info such as that, e.g., www.securityportal.com.

Hmm, the local admin wanted to do that (he discovered the break-in
but wanted me to have a look at it--he's an English teacher who does
the admin stuff because nobody wants to do it :-/). I advised him
to first contact some local CERT and some Pros at his ISP. The ISP
strongly advised to _not_ pull in the police. Little chance to get
someone competent but they would certainly confiscate the server and
that would leave the school without internet connection. Oh, I forgot
to mention that the school is in Austria where certain administrative
things take slightly longer than in the rest of the world ;-)

The initial break-in was via the well-known named bug. Looking at
all those named exploits, V. Venema's idea of _not_ announcing
security problems of named to the general public (only to selected
persons) sounds extremely scary. Time to look for a substitute.
Well, the incident is a nice reason for a drive into the Alps
and a day of installing Debian (I'm fed up with the SuSE on the
server, 'apt-get update' is sooo much more easy for mere mortals).


> FYI, while I was working on emails here, I had one attempted stealth
> scan from:
> Name:    171cm187.hkcable.com.hk
> Address:
> > 
> >  Ralf
> > _______________________________________________
> > Web Page:  http://lug.boulder.co.us
> > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug