Re: Redhat 6.2 Honeypot Hacked

[Greg Estabrooks <greg () phaze org>]

> I don't want to start this off on as something negative but here goes,  
> I do not believe in honeypots at all . You run default install insecure 

 First off maybe before you go jumping to conclusions you should actually 
READ WHAT I POSTED. "A few weeks ago we had a colocation customers machine 
get hacked into" Is the start of the very first sentence. I do not, have 
not, and will not run a Honeypot. The box I got the logs from was a hacked 
into customers machine, not some honeypot. And the logs where logs that 
the lame crackers software produced which I found afterward, not something 
I had been watching and allowing to happen. The main reason it was 
discovered was because the people were annoying others on IRC enough to 
get the box flooded a few times which drew our attention, I say again this 
was a colocation customers box, not "ours".

> I hope you post the logs online somewhere , I bet those admins would be 
> interested to know their networks were comprised after you knew they 

I was offering the logs to any interested as they seemed to be possibly 
the same people who had broken into the machine of the person I was 
replying too, please read before you shoot off your mouth/fingers 
regarding liabilities.

-- 

"And he piled upon the whales white hump, the sum of all the rage and hate
felt by his whole race. If his chest had been a cannon, he would have
shot his heart upon it."

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com