nanog mailing list archives

Re: should i publish a list of cracked machines?

From: Laurence Berland <stuyman () confusion net>
Date: Thu, 23 Aug 2001 09:27:38 -0700 (PDT)


Also, why not do whois lookups on those hosts and email appropriate
people?

On Thu, 23 Aug 2001, M. David Leonard wrote:


Jim-

      How about instead posting information to help other admins 
identify the trojan daemon so we can check our own machines?


                                      David Leonard
                                      ShaysNet



On Thu, 23 Aug 2001, Jim Mercer wrote:



i found one of my boxes was cracked (probably due to the BSD telnetd overflow).

in any case, i found a file in the cracker's directory containing what i think
is a list of other servers which might be hacked.
i think the list also includes the passwords for using the trojan.

on my server, i found a trojan daemon, allowing ssh on an 14000 series port.

i was gonna just post the list of hosts here, but then, maybe not.

what is the appropriate feeling?

-- 
[ Jim Mercer        jim () reptiles org         +1 416 410-5633 ]
[ Now with more and longer words for your reading enjoyment. ]


Laurence Berland
http://www.isp.northwestern.edu

Current thread:

should i publish a list of cracked machines? Jim Mercer (Aug 23)
- Re: should i publish a list of cracked machines? Mike Trest (Aug 23)
  - resolved Re: should i publish a list of cracked machines? Jim Mercer (Aug 23)
    - Re: resolved Re: should i publish a list of cracked machines? Kevin Houle (Aug 23)
- Re: should i publish a list of cracked machines? Mitch Halmu (Aug 23)
- Re: should i publish a list of cracked machines? Josha Bronson (Aug 23)
- Re: should i publish a list of cracked machines? M. David Leonard (Aug 23)
  - Re: should i publish a list of cracked machines? Laurence Berland (Aug 23)