[1915] in linux-security and linux-alert archive

[linux-security] Re: WARNING: Break-in attempts

daemon@ATHENA.MIT.EDU (Shaun Hedges)
Sun Jun 21 02:23:49 1998

Date: Thu, 18 Jun 1998 12:38:44 -0600
From: Shaun Hedges <shedges@shaw.wave.ca>
To: "B. James Phillippe" <bryan@terran.org>, linux-security@redhat.com
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com

B. James Phillippe wrote:

> Greetings all,
>
>         I'm forwarding a copy of an email I sent reporting attempted
> break-ins on my main server, earth.terran.org.  I am forwarding this

[... deleted ... ]

> Web server logs showing attempted breakin:
>
> pmnac1-4.inu.net - - [18/Jun/1998:23:49:57 -0700] "GET /cgi-bin/phf" 302 -
> pmnac1-4.inu.net - - [18/Jun/1998:23:49:58 -0700] "GET /cgi-bin/test-cgi" 403 -
> pmnac1-4.inu.net - - [18/Jun/1998:23:49:59 -0700] "GET /cgi-bin/handler" 404 -
>
[... deleted ...]

It is nice being paranoid, but what that person did is *not* illegal and would
not hold any water in a court of law.

He caused no loss of money, no denial of service, nothing.

How can you deduce that the attacks were made by the root user?  ident is easily
spoofable.
How do you know that inu.net was not in fact 0wned first and he was using
that host for some sort of diversion mechanism?
How do you know that he is not reading your e-mail right now and laughing at
you because he knows nothing happened?

There are so many variables in situations like this you have to take into
effect, and it seems that you haven't.


It is nice being paranoid, but really.  What this person did is not illegal,
and you should just forget about it.  This happens to me every day; if I really
wanted to threaten them then I would send email to their admins, but there is
no use.

They would rather have people doing bad stuff and paying money, than have no
money at all.

Regards.
