Security Incidents mailing list archives
Re: Korea (was RE: ?)
From: barakirs () NETVISION NET IL (R a v e N)
Date: Thu, 27 Jan 2000 21:32:37 +0200
A telnet backdoor on such a (relatively) low port that automatically drops you to a rootshell? And the admin didn't even notice it? And the crackers weren't smart enough to realize that another cracker could easily find this if it was on such a low port and didn't even require a password set by the cracker?

This just proves how insecure educational institutes in eastern Asia are. They get cracked by such a bunch of amateur crackers. In fact, I've seen a text once that was called "how to get a shell account in 24 hours". It said that you should use Altavista to find sites hosted on Japanese servers and then use the PHF bug against them. Sooner or later, you will find a server that is vulnerable to this attack. PHF!

(By the way, a person I know, who is a complete hacker wannabe and wants to impress his friends, has tried this technique and found five vulnerable servers in a couple of minutes. Luckily, he didn't know how to crack the password file, and if he did, he still wouldn't know what to do with it, nor any commands he could issue once he's inside, nor how to clean the logs of anything that could be used to trace him in case this was a "honeypot" and not just some really stupid admin or a network with some extremely outdated software.)

"Robert G. Ferrell" wrote:
I have LOTS of portscanning (mostly to port 111) from a number of hosts in Korea.

As we've observed before, Korea, especially educational institutions in Korea, is virtually wide open to crackers.

I portscanned them back and found out that at least a couple of them had port 2222 open. A telnet to that port dropped me in a rootshell without being asked for any password....

Well, while you're there, why don't you poke around and see if you can find out who ownz that box? Could be useful to know that...

RGF

Robert G. Ferrell
Internet Technologist
National Business Center, US DoI
Robert_G_Ferrell () nbc gov
--
If a packet hits a pocket on a socket on a port
And the bus is interrupted as a very last resort
And the address of the memory makes the data link abort
Then the socket packet pocket has an error to report.
http://blacksun.box.sk