Security Incidents mailing list archives
Re: Large scans in progress...
From: Jon Lewis <jlewis () LEWIS ORG>
Date: Thu, 14 Sep 2000 23:01:54 -0400
On Wed, 13 Sep 2000, Ryan Russell wrote:
to the system(which raises the legitimate question -- if I'm investigating the perpetration of a crime[or attempted crime] against myself or my property, am I as culpable as the person who broke into the system and used it for a malicious purpose?
It's still unauthorized entry even if it was dead simple and you werent the first. The inter-country thing could work to your advantage because they can't touch you here, or it could be a disadvantage because a local prosecutor could decide that you're in trouble even if the real admin later decides he didn't mind. I believe you could get nailed for unauthorized entry because you didn't seem to have authorization at the
I won't argue about this, but I seriously doubt he would get in any trouble over this (at least if he's within and subject to US law...I didn't pay attention to the original message and don't know where he's from) for several reasons. First, and probably most important, he's not causing damage. He didn't break into the system, he didn't backdoor it, he hasn't caused it to function improperly. The feds generally won't pursue you for computer crimes unless there are damages of a certain minimum dollar figure even if you are a malicious kid breaking into and generally breaking other people's systems. And if this was one of the typical hack jobs where root shell's were given out on TCP connections to some random port, what authorization was required and how does he know he needs and doesn't have authorization to make a TCP connection to some random port?
Too late. You've already done some minor messing up of the place... a couple of access-times have been modified, though that looks non-critical here (looks like the files were probably being written to constantly?)
He's contaminated the crime scene. If you notice your neighbor's door is kicked in and wide open, do you cautiously walk in and see what's up, ignore it, or stay away and call the police to tell them something looks wrong? ok...that's a bad analogy since someone could be in need of help in the house...but I think you get my point. He didn't break in, and didn't intentionally get in the way. In the vast majority of hacked boxes, the admins don't even know they've been hacked. If they do know and are leaving it alone, they're aiding criminals since more hacked boxes means more places to scan from, means more hackable boxes will be found and hacked.
There's a bash shell running open on port 1? (Or maybe was.. machine isn't pingable right this sec.)
Perhaps someone did them the favor of connecting and running ifconfig eth0 down. ---------------------------------------------------------------------- Jon Lewis *jlewis () lewis org*| I route System Administrator | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
Current thread:
- Large scans in progress... UnixGeek (Sep 13)
- Re: Large scans in progress... Russell Fulton (Sep 14)
- Re: Large scans in progress... Russel Smith (Sep 14)
- Re: Large scans in progress... Ryan Russell (Sep 14)
- Re: Large scans in progress... Jon Lewis (Sep 14)
- Re: Large scans in progress... Russell Fulton (Sep 14)