nanog mailing list archives
Re: should i publish a list of cracked machines?
From: Josha Bronson <dmuz () slartibartfast angrypacket com>
Date: Thu, 23 Aug 2001 09:12:58 -0700
On Thu, Aug 23, 2001 at 11:53:38AM -0400, Jim Mercer said:
i found one of my boxes was cracked (probably due to the BSD telnetd overflow). in any case, i found a file in the cracker's directory containing what i think is a list of other servers which might be hacked. i think the list also includes the passwords for using the trojan. on my server, i found a trojan daemon, allowing ssh on an 14000 series port. i was gonna just post the list of hosts here, but then, maybe not. what is the appropriate feeling?
I'd try to contact the owners of the systems in the list personally. Posting such a list of machines thought to be cracked would accomplish little except getting those machines further probed/attacked. I would suggest trying to see what domains the IPs belong to and just shoot out some mail to root@/admin@/hostmaster@ or any other likely admin accounts with a heads up. -- Josha Bronson <dmuz () slartibartfast angrypacket com> Network/Systems/Security Engineer josha.net || dmuz.angrypacket.com
Current thread:
- should i publish a list of cracked machines? Jim Mercer (Aug 23)
- Re: should i publish a list of cracked machines? Mike Trest (Aug 23)
- resolved Re: should i publish a list of cracked machines? Jim Mercer (Aug 23)
- Re: resolved Re: should i publish a list of cracked machines? Kevin Houle (Aug 23)
- resolved Re: should i publish a list of cracked machines? Jim Mercer (Aug 23)
- Re: should i publish a list of cracked machines? Mitch Halmu (Aug 23)
- Re: should i publish a list of cracked machines? Josha Bronson (Aug 23)
- Re: should i publish a list of cracked machines? M. David Leonard (Aug 23)
- Re: should i publish a list of cracked machines? Laurence Berland (Aug 23)
- Re: should i publish a list of cracked machines? Mike Trest (Aug 23)