[olug] users.olug.org

Nick Walter waltern at iivip.com
Wed Mar 12 15:03:02 UTC 2003 

If I wanted to hypothetically start a mad reign of hacking terror, my
steps would be along the lines of

1.)  Using a sniffer or guessing or social engineering, get the password
to someones shell account (for this example, we'll assume Jonathan
Warren's OLUG shell account).

2.)  Use it to start scanning for vulnerabilities on other servers.  I
would probably use nmap for this.

3.)  Use publically available exploits to then exploit and root the
servers.

4.)  Do amusing things to the rooted servers.  This includes defacing
websites, installing sniffers, or the ever popular rm -rf /*

5.)  Eventually get noticed, and all the activity is traced back to . .
. Jonathan Warren!

I'm not picking on Jonathan btw, just illustrating an all-too-likely
scenario that is the reason why there are rules against port scanning
and so forth with shell accounts.

Nick Walter

On Wed, 2003-03-12 at 08:59, Jonathan Warren wrote:
> Really?  Ok I won't do it anymore.  I guess I don't understand why it would be illegal.  If you could explain I would appreciate it.
> 
> On Tue, Mar 11, 2003 at 11:43:16PM -0600, Brian Roberson wrote:
> > Well..........
> > 
> > 
> >     All I can say is...... It is for OLUG staff to know and you to wonder...
> > I should deactivate you account for misconduct, but I will simply give you a
> > public hand slap. port scanning and other "can be perceived as devious"
> > activity is not allowed on the olug shell server. Please do not make me push
> > the issue any further than this email, port scanning ( even if is your own
> > machine ) will not be tolerated.
> > 
> > 
> > 
> > 
> > 
> > 
> > ----- Original Message -----
> > From: "Jonathan Warren" <thechunk at cox.net>
> > To: <olug at olug.org>
> > Sent: Tuesday, March 11, 2003 9:33 PM
> > Subject: Re: [olug] users.olug.org
> > 
> > 
> > > No I don't.  I scanned it from the my work and nothing showed up.  I can
> > even scan itself and it can't find anything.  I have done lsof and netstats
> > to no avail.  If I scan news.com or yahoo.com it says 21 is open there too.
> > I find it hard to beleive that they would be running telnet servers.  The
> > next hope in a netstat is some kind of a firewall box.  I am curious if it
> > is intercepting my port 21 requests and dropping them or something.  Anyway
> > just curious.  If you want to check me for an ftp port my address is
> > thechunk.dyn.dhs.org.
> > >
> > >
> > > On Tue, Mar 11, 2003 at 06:10:20PM -0600, ktb wrote:
> > > > On Tue, Mar 11, 2003 at 05:19:09PM -0600, Jonathan Warren wrote:
> > > > > I was tryign to find what my open ports I had on my box.  I downloaded
> > nmap to users.olug.org and built it and installed it into my home directory.
> > Everything I scan with it reports that port 21 is open.  Any idea why it
> > would say that?  It seems very strange to me.
> > > >
> > > > What is "everything you scan?"  21/tcp is generally used for ftp.  You
> > > > can grep though /etc/services to find that information.  Sounds like you
> > > > have an ftp server running on your system.
> > > > hth,
> > > > kent
> > > >
> > > > --
> > > > To know the truth is to distort the Universe.
> > > >                       Alfred N. Whitehead (adaptation)
> > > > _______________________________________________
> > > > OLUG mailing list
> > > > OLUG at olug.org
> > > > http://lists.olug.org/mailman/listinfo/olug
> > > _______________________________________________
> > > OLUG mailing list
> > > OLUG at olug.org
> > > http://lists.olug.org/mailman/listinfo/olug
> > >
> > 
> > _______________________________________________
> > OLUG mailing list
> > OLUG at olug.org
> > http://lists.olug.org/mailman/listinfo/olug
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> http://lists.olug.org/mailman/listinfo/olug
>

More information about the OLUG mailing list