[olug] users.olug.org

Brian Roberson roberson at olug.org
Wed Mar 12 19:46:19 UTC 2003


So, when I get a call from people at news.com about possible devious
activity, shall I give them you home #?

users:/home/thechunk # grep news.com .bash_history
lynx www.news.com
ping www.news.com
telnet www.news.com 21
nmap www.news.com
users:/home/thechunk #


I have be super leanient till now on the shell services, please dont ruin it
for all.





----- Original Message -----
From: "Jonathan Warren" <thechunk at cox.net>
To: <waltern at iivip.com>; "Omaha Linux User Group" <olug at olug.org>
Sent: Wednesday, March 12, 2003 9:17 AM
Subject: Re: [olug] users.olug.org


> Yes I understand all this.  I am not condonign illegal access to anything.
However this reminds me of a story I've heard.  It goes somethign like this.
It came to the attention of some higher up military types that there were
open and available tools to allow for testing the security of a machine.
There reaction was to try and classify it.  They thought they could hide it
and continue running insecure boxes.  I just don't see the point in running
from something that is very useful.  Again I am not condoning illegal
access.  The information provided by nmap is very useful.  Why the fear of
it?  Why not leverage it to improve security across the whole network?
Anyway just my .02.
>
> Again I am not out to get anyone upset with me and won't use it again from
that machine if it bothers people.  I just don't understand the fear.
>
> -Jon W
>
> On Wed, Mar 12, 2003 at 09:03:02AM -0600, Nick Walter wrote:
> > If I wanted to hypothetically start a mad reign of hacking terror, my
> > steps would be along the lines of
> >
> > 1.)  Using a sniffer or guessing or social engineering, get the password
> > to someones shell account (for this example, we'll assume Jonathan
> > Warren's OLUG shell account).
> >
> > 2.)  Use it to start scanning for vulnerabilities on other servers.  I
> > would probably use nmap for this.
> >
> > 3.)  Use publically available exploits to then exploit and root the
> > servers.
> >
> > 4.)  Do amusing things to the rooted servers.  This includes defacing
> > websites, installing sniffers, or the ever popular rm -rf /*
> >
> > 5.)  Eventually get noticed, and all the activity is traced back to . .
> > . Jonathan Warren!
> >
> > I'm not picking on Jonathan btw, just illustrating an all-too-likely
> > scenario that is the reason why there are rules against port scanning
> > and so forth with shell accounts.
> >
> > Nick Walter
> >
> > On Wed, 2003-03-12 at 08:59, Jonathan Warren wrote:
> > > Really?  Ok I won't do it anymore.  I guess I don't understand why it
would be illegal.  If you could explain I would appreciate it.
> > >
> > > On Tue, Mar 11, 2003 at 11:43:16PM -0600, Brian Roberson wrote:
> > > > Well..........
> > > >
> > > >
> > > >     All I can say is...... It is for OLUG staff to know and you to
wonder...
> > > > I should deactivate you account for misconduct, but I will simply
give you a
> > > > public hand slap. port scanning and other "can be perceived as
devious"
> > > > activity is not allowed on the olug shell server. Please do not make
me push
> > > > the issue any further than this email, port scanning ( even if is
your own
> > > > machine ) will not be tolerated.
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > ----- Original Message -----
> > > > From: "Jonathan Warren" <thechunk at cox.net>
> > > > To: <olug at olug.org>
> > > > Sent: Tuesday, March 11, 2003 9:33 PM
> > > > Subject: Re: [olug] users.olug.org
> > > >
> > > >
> > > > > No I don't.  I scanned it from the my work and nothing showed up.
I can
> > > > even scan itself and it can't find anything.  I have done lsof and
netstats
> > > > to no avail.  If I scan news.com or yahoo.com it says 21 is open
there too.
> > > > I find it hard to beleive that they would be running telnet servers.
The
> > > > next hope in a netstat is some kind of a firewall box.  I am curious
if it
> > > > is intercepting my port 21 requests and dropping them or something.
Anyway
> > > > just curious.  If you want to check me for an ftp port my address is
> > > > thechunk.dyn.dhs.org.
> > > > >
> > > > >
> > > > > On Tue, Mar 11, 2003 at 06:10:20PM -0600, ktb wrote:
> > > > > > On Tue, Mar 11, 2003 at 05:19:09PM -0600, Jonathan Warren wrote:
> > > > > > > I was tryign to find what my open ports I had on my box.  I
downloaded
> > > > nmap to users.olug.org and built it and installed it into my home
directory.
> > > > Everything I scan with it reports that port 21 is open.  Any idea
why it
> > > > would say that?  It seems very strange to me.
> > > > > >
> > > > > > What is "everything you scan?"  21/tcp is generally used for
ftp.  You
> > > > > > can grep though /etc/services to find that information.  Sounds
like you
> > > > > > have an ftp server running on your system.
> > > > > > hth,
> > > > > > kent
> > > > > >
> > > > > > --
> > > > > > To know the truth is to distort the Universe.
> > > > > >                       Alfred N. Whitehead (adaptation)
> > > > > > _______________________________________________
> > > > > > OLUG mailing list
> > > > > > OLUG at olug.org
> > > > > > http://lists.olug.org/mailman/listinfo/olug
> > > > > _______________________________________________
> > > > > OLUG mailing list
> > > > > OLUG at olug.org
> > > > > http://lists.olug.org/mailman/listinfo/olug
> > > > >
> > > >
> > > > _______________________________________________
> > > > OLUG mailing list
> > > > OLUG at olug.org
> > > > http://lists.olug.org/mailman/listinfo/olug
> > > _______________________________________________
> > > OLUG mailing list
> > > OLUG at olug.org
> > > http://lists.olug.org/mailman/listinfo/olug
> > >
> >
> > _______________________________________________
> > OLUG mailing list
> > OLUG at olug.org
> > http://lists.olug.org/mailman/listinfo/olug
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> http://lists.olug.org/mailman/listinfo/olug
>



More information about the OLUG mailing list