violated

Craig White CraigWhite@AzApple.com
Tue, 28 Mar 2000 19:21:14 -0700


indeed - and http://rogers.home.com/CustomerSupport/ shows that the specific
IP address that violated me and the other on 3/26/00 was listed in their
internet abuse on 3/23/00 and resolved on 3/24/00. They did a great job of
stopping them didn't they?

I didn't mind them crashing BIND as much as I minded the damage to the bash
shell. I did reinstall and didn't reinstall BIND.

Craig

> -----Original Message-----
> From: plug-discuss-admin@lists.plug.phoenix.az.us
> [mailto:plug-discuss-admin@lists.plug.phoenix.az.us]On Behalf Of Mike
> Sheldon
> Sent: Tuesday, March 28, 2000 7:13 PM
> To: plug-discuss@lists.plug.phoenix.az.us
> Subject: RE: violated
>
>
> They may have initially rooted you using a well-known exploit in BIND. If
> you're not running 8.2.2 patchlevel 3 or better (current is patchlevel 5)
> you are very definitely vulnerable. This might explain the
> "damage" done to
> BIND.
>
> Michael J. Sheldon
> Internet Applications Developer
> Phone: 480.699.1084
> http://www.desertraven.com/
> PGP Key Available on Request
>
> -----Original Message-----
> From: plug-discuss-admin@lists.PLUG.phoenix.az.us
> [mailto:plug-discuss-admin@lists.PLUG.phoenix.az.us]On Behalf Of Craig
> White
> Sent: Tuesday, March 28, 2000 17:29
> To: plug-discuss@lists.PLUG.phoenix.az.us
> Subject: violated
>
>
> below is a message I sent to abuse@rogers.home.com
>
> I post it in case anyone has comment - I note that once this
> person finished
> their playing, the shell was damaged and I couldn't use emacs or
> any normal
> editor...bind was toasted.
>
> I suppose you can whip me for not stopping telnet services but I
> hope we can
> get beyond that.
>
> Craig
>
> > would like to see you stop this person
> > IP Address... 24.113.4.113
> >
> > This person entered unauthorized - damaged the shells on at least
> > 2 computers that I administrate, destroyed the BIND process and I
> > may not be smart enough to figure whatever else they did so I
> > have stopped telnet services and have rebuilt the systems.
> >
> >
> > syslog entries on barney.azapple.com (24.221.62.42 -7GMT)
> > ------------------------------------
> > Mar 26 04:19:39 barney in.telnetd[2022]: connect from 24.113.4.113
> > Mar 26 04:19:56 barney login: LOGIN ON 0 BY hc FROM
> > cr872028-a.poco1.bc.wave.home.com
> > Mar 26 04:21:59 barney pam_console[2023]: getpwnam failed for hc
> >
> > securelog entries on barney.azapple.com
> > ---------------------------------------
> > Mar 26 04:19:39 barney in.telnetd[2022]: connect from 24.113.4.113
> > Mar 26 04:19:56 barney login: LOGIN ON 0 BY hc FROM
> > cr872028-a.poco1.bc.wave.home.com
> > Mar 26 04:21:59 barney pam_console[2023]: getpwnam failed for hc
> >
> >
> > syslog entries on mail.despinsprinting.com (24.221.16.195 -7GMT)
> > ------------------------------------------
> > Mar 26 16:00:20 mail named[533]: Lame server on
> > 'lsolss.larenco.com' (in 'LARENCO.com'?): [24.221.30.3].53
> > Mar 26 16:00:28 mail named[533]: Lame server on
> > 'lsolss.larenco.com' (in 'LARENCO.com'?): [204.210.2.110].53
> > 'VNS1.RRSAN.com'
> > Mar 26 16:01:38 mail PAM_pwdb[3098]: (login) session opened for
> > user hc by (uid=0)
> > Mar 26 16:02:04 mail PAM_pwdb[3110]: (su) session opened for user
> > hantu by hc(uid=758)
> >
> > securelog entries on mail.despinsprinting.com
> > ---------------------------------------------
> > Mar 26 16:01:29 mail in.telnetd[3096]: connect from 24.113.4.113
> > Mar 26 16:01:38 mail login: LOGIN ON 0 BY hc FROM
> > cr872028-a.poco1.bc.wave.home.com
> > Mar 26 16:08:07 mail ipop3d[3149]: connect from 192.168.1.52
> > Mar 26 16:08:56 mail pam_console[3098]: getpwnam failed for hc
> >
>
>
> _______________________________________________
> Plug-discuss mailing list  -  Plug-discuss@lists.PLUG.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
>
> _______________________________________________
> Plug-discuss mailing list  -  Plug-discuss@lists.PLUG.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss