Security Incidents mailing list archives
Re: Hacked using vulnerable FTP daemon.
From: Ben McGinnes <ben-mcginnes () iname com>
Date: Sat, 29 Sep 2001 10:44:00 +1000
Bojan Zdravkovic(bzdravko () siac com)@Tue, Sep 25, 2001 at 03:28:46PM -0400:
> Hi Paul, Calling the ISP will help. They won't "get" the guy, only slap his wrist. The biggest, ultimate effect of calling the ISP would be sending him a warning email.
Depending on circumstance - probably. They always need at least one warning, after which the gloves may be removed (along with the offending account). Remember, any ISP worth its salt will chase up security and abuse issues (it may not be quick enough for the original complaint, but it ought to happen). The reason for this is simple PR; any network which gains a reputation amongst its peers as being a script-kiddie and spammer haven will quickly find its IP ranges blacklisted and its routes relegated to the "when we can be bothered" category.
> ISPs will never forward you any personal info, except if you're a government investigator. And if an investigator gets involved the damage has to be substantial (millions).
True. The same privacy laws which protect you from your ISP giving contact info to anyone who asks will also protect those of a less savoury stature. OTOH, if you're looking for IP ownership information, depending on the size of the network you may find that an ISP runs their own whois server. In such a case you may be able to track down the appropriate contact details for the IP in question and bypass the ISP (if your would-be cracker is trying to launch the attack from a static IP/host somewhere).
> Don't talk about evidence, and don't blow things out of proportion, this is just a simple mischief, happens to everyone.
Along with all the other weird shit floating around. Depending on the threat level of the attack, sometimes it's generally a waste of time and effort trying to hunt them down. Usually if I see something odd or disturbing I'll go a-hunting, but OTOH these days I'm treating all those SunRPC and Bind scans much the same as Code Red and the like (mostly ignored, occasionally chased if I'm in the mood).
> And patch that ftpd.
Indeed. WuFTPd is *not* your friend. From what I've heard NcFTPd *is*, though (and I believe the license allows for a couple of free installations for non-profit organisations/networks).

Regards,
Ben