violated

Craig White CraigWhite@AzApple.com
Tue, 28 Mar 2000 17:29:16 -0700


below is a message I sent to abuse@rogers.home.com

I post it in case anyone has comment - I note that once this person finished
their playing, the shell was damaged and I couldn't use emacs or any normal
editor...bind was toasted.

I suppose you can whip me for not stopping telnet services but I hope we can
get beyond that.

Craig

> would like to see you stop this person
> IP Address... 24.113.4.113
>
> This person entered unauthorized - damaged the shells on at least
> 2 computers that I administrate, destroyed the BIND process and I
> may not be smart enough to figure whatever else they did so I
> have stopped telnet services and have rebuilt the systems.
>
>
> syslog entries on barney.azapple.com (24.221.62.42 -7GMT)
> ------------------------------------
> Mar 26 04:19:39 barney in.telnetd[2022]: connect from 24.113.4.113
> Mar 26 04:19:56 barney login: LOGIN ON 0 BY hc FROM
> cr872028-a.poco1.bc.wave.home.com
> Mar 26 04:21:59 barney pam_console[2023]: getpwnam failed for hc
>
> securelog entries on barney.azapple.com
> ---------------------------------------
> Mar 26 04:19:39 barney in.telnetd[2022]: connect from 24.113.4.113
> Mar 26 04:19:56 barney login: LOGIN ON 0 BY hc FROM
> cr872028-a.poco1.bc.wave.home.com
> Mar 26 04:21:59 barney pam_console[2023]: getpwnam failed for hc
>
>
> syslog entries on mail.despinsprinting.com (24.221.16.195 -7GMT)
> ------------------------------------------
> Mar 26 16:00:20 mail named[533]: Lame server on
> 'lsolss.larenco.com' (in 'LARENCO.com'?): [24.221.30.3].53
> Mar 26 16:00:28 mail named[533]: Lame server on
> 'lsolss.larenco.com' (in 'LARENCO.com'?): [204.210.2.110].53
> 'VNS1.RRSAN.com'
> Mar 26 16:01:38 mail PAM_pwdb[3098]: (login) session opened for
> user hc by (uid=0)
> Mar 26 16:02:04 mail PAM_pwdb[3110]: (su) session opened for user
> hantu by hc(uid=758)
>
> securelog entries on mail.despinsprinting.com
> ---------------------------------------------
> Mar 26 16:01:29 mail in.telnetd[3096]: connect from 24.113.4.113
> Mar 26 16:01:38 mail login: LOGIN ON 0 BY hc FROM
> cr872028-a.poco1.bc.wave.home.com
> Mar 26 16:08:07 mail ipop3d[3149]: connect from 192.168.1.52
> Mar 26 16:08:56 mail pam_console[3098]: getpwnam failed for hc
>