[40843] in North American Network Operators' Group
Re: should i publish a list of cracked machines?
daemon@ATHENA.MIT.EDU (Laurence Berland)
Thu Aug 23 12:31:44 2001
Date: Thu, 23 Aug 2001 09:27:38 -0700 (PDT)
From: Laurence Berland <stuyman@confusion.net>
To: "M. David Leonard" <mdl@equinox.shaysnet.com>
Cc: Jim Mercer <jim@reptiles.org>, nanog@merit.edu
In-Reply-To: <Pine.3.89.10108231203.A17454-0100000@equinox.shaysnet.com>
Message-ID: <Pine.NEB.3.96.1010823092715.8958C-100000@euphoria.confusion.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
Also, why not do whois lookups on those hosts and email appropriate
people?
On Thu, 23 Aug 2001, M. David Leonard wrote:
>
> Jim-
>
> How about instead posting information to help other admins
> identify the trojan daemon so we can check our own machines?
>
>
> David Leonard
> ShaysNet
>
>
>
> On Thu, 23 Aug 2001, Jim Mercer wrote:
>
> >
> >
> > i found one of my boxes was cracked (probably due to the BSD telnetd overflow).
> >
> > in any case, i found a file in the cracker's directory containing what i think
> > is a list of other servers which might be hacked.
> > i think the list also includes the passwords for using the trojan.
> >
> > on my server, i found a trojan daemon, allowing ssh on an 14000 series port.
> >
> > i was gonna just post the list of hosts here, but then, maybe not.
> >
> > what is the appropriate feeling?
> >
> > --
> > [ Jim Mercer jim@reptiles.org +1 416 410-5633 ]
> > [ Now with more and longer words for your reading enjoyment. ]
> >
>
Laurence Berland
http://www.isp.northwestern.edu
