Re: tlug: Can't telnet in...But machine is definitely on- the plot thickens (crackers)
- To: tlug@example.com
- Subject: Re: tlug: Can't telnet in...But machine is definitely on- the plot thickens (crackers)
- From: Dave Gutteridge <dave@example.com>
- Date: Sat, 16 Jan 1999 00:04:09 -0800
- Cc: jwt@example.com
- Content-Type: text/plain; charset="us-ascii"
- In-Reply-To: <13984.1286.514140.10580@example.com>
- References: <Pine.LNX.3.95.990115231400.462O-100000@example.com><1295734719-13629326@example.com><Pine.LNX.3.95.990115231400.462O-100000@example.com>
- Reply-To: tlug@example.com
- Sender: owner-tlug@example.com
First off, big thanks to Jim Tittsler for getting back in touch with me directly about the telnet problem I've been having. I really appreciate your dialogue on the matter.

However, I can't say too much about what exactly the solution is, yet, because the situation has not yet been resolved. But I do know more about the problem.

Almost simultaneously with the time I discovered the telnet problem, I started getting e-mails from guys in Germany asking why I was accessing their networks. I never did such a thing, so I took the log files they gave me and went to a UNIX guru I know, and he helped me to deduce that my system has been compromised by some hacker (cracker?) who exploited either imap or sunrpc (which I didn't know I was running - BIG mistake) to gain access to my machine and was in turn using similar techniques to get into other people's machines.

What a headache. I had to write a lot of apologetic e-mails to sysadmins mainly in Germany explaining my dilemma. I should mention that none of them were at all hostile to me, all were understanding and one in particular was very friendly and helpful.

So whatever this hacker/cracker/completebastard/whoever has done to my machine has left it impossible for me to gain access. I'm pretty sure it's something the hacker did because the timing is much too coincidental for me to believe otherwise. I wasn't doing anything to the hosts.deny or hosts.allow files recently.

However, I think that I can't be dealing with too clever a hacker, because I would think that the most intelligent way of getting into a system would be to leave as little trace as possible. Screwing the system totally so that I was alerted pretty much immediately makes me think that this person is some kind of amateur who probably learned a trick or two from some web page.

As it is, the machine has been turned off for a while (though I think it may be on again now), but nothing will be learned about what exactly this loser has done until I'm back in town next week to actually sit in front of the machine and fiddle with it directly.

-------------------------------------------------------------------
Next Nomikai: 14 January 1999, 19:30 Tengu TokyoEkiMae 03-3275-3691
*** it will be Jan 14 (Thu), as Jan 15 (Fri) is a natl holiday
Next Technical Meeting: Feb 13 (Sat), 12:30 ace: Temple Univ.
-------------------------------------------------------------------
more info: http://tlug.linux.or.jp Sponsor: PHT