Re: Attempted Theft of Services via FTP


Subject: Re: Attempted Theft of Services via FTP
From: Ryan Mesler (kraylus@airmail.net)
Date: Fri Mar 01 2002 - 15:31:16 MST


i've reported to road runner that some of their boxes were transmitting nimda
and codered and my boxes got about 60,000 hits a day from that alone. road
runner didn't do squat.

as for your protection... do NOT allow anonymous FTP. that would be bad. i
had some nightmares with that and my fbsd box.

what you could do is set a cron job that tells your modem to dial in (when you
said modem, i assumed you meant dialup; if not, i apologize) at certain
times of the day (times known only by you) and stay connected for 15 min. if
it doesn't detect any net activity, it kills the connection. it'll email you
your IP address so you can know what your IP is and then login that way via
ftp or telnet. make whatever changes you need to your box and logout.

this is what i'd done for awhile back when i was working web design. since
you've got a dialup, this might be a good way to ensure higher security ;)

i dunno... just one of the many creative things to do with linux :)

as for the punishment of these crackers... get their IPs and get some IRC
bots... you get the idea ;)

R.L. Mesler <Kraylus>
Call me Kray

If at first you don't succeed, call it version 1.0

ICQ: 45088864
AIM: Kraylus
----- Original Message -----
From: "Patrick Callahan" <pac1@tiac.net>
To: <yellowdog-general@lists.yellowdoglinux.com>; <bltnewuser@basiclinux.net>
Sent: Friday, March 01, 2002 5:23 AM
Subject: Attempted Theft of Services via FTP

> I've just started running proftp so I can move files around my internal
> network.
> I'm connected to the internet by modem, and /var/log/secure contains a few
> entries like this.
>
> Probably harmless because they weren't able to give a valid username and
> password. (anonymous logins are deliberately disabled)
>
> Feb 28 07:52:24 localhost proftpd[22095]: localhost.localdomain ([24.90.163.104]) - USER ftp (Login failed): Invalid shell.
> [root@localhost src]# ping 24.90.163.104
>
> Are there any other risks here? What would have happened next if
> anonymous ftp were enabled?
>
> What would you do about 24-90-163-104.nj.rr.com? Report the attempt to
> road runner? Ping of death to 24.90.163.104? Go to New Jersey and take his
> computer away? Civil Trial? Trial at Law? What settlement or sentence would
> you recommend as a Juror?
>
> Someone last year suggested renaming the distro from "Yellowdog" to "Pit
> Bull Linux" Motto: "Just try to crack my box!"
> I'm thinking of the following warning on the ftp login page:
> "Protected by Pit Bull Linux and a false sense of security
>
> If you're going to try to crack this box be sure to bring plenty of dog
> biscuits - the ordinary cookies on your hard drive won't do
> Sic em Chip!
> "
>
> Humor aside, what do you do about attempted cracks like this?
>
> -Pat
> -pat
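
One way to triage /var/log/secure entries like the one quoted above, as an added example that is not part of the original thread: it groups proftpd failed logins by source address and flags anonymous-FTP probes, which gives an abuse report something concrete to cite. The first sample line is the one from the message; the others are constructed, and the `ANON_NAMES` list is an assumption.

```python
import re
from collections import defaultdict

# Matches the proftpd "Login failed" format shown in the quoted message.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+\S+\s+proftpd\[\d+\]:\s+\S+\s+"
    r"\(.*?\[(?P<ip>[\d.]+)\]\)\s+-\s+USER\s+(?P<user>\S+)\s+"
    r"\(Login failed\):\s+(?P<reason>.*)$"
)

# Login names treated as anonymous-FTP probes (assumed list).
ANON_NAMES = {"ftp", "anonymous"}

# First line is from the message; the rest are constructed samples
# using documentation addresses (192.0.2.0/24).
SAMPLE = [
    "Feb 28 07:52:24 localhost proftpd[22095]: localhost.localdomain "
    "([24.90.163.104]) - USER ftp (Login failed): Invalid shell.",
    "Feb 28 09:10:01 localhost proftpd[22140]: localhost.localdomain "
    "([192.0.2.10]) - USER pat (Login failed): Incorrect password.",
    "Feb 28 09:10:05 localhost proftpd[22140]: localhost.localdomain "
    "([192.0.2.10]) - USER root (Login failed): Incorrect password.",
    "Feb 28 09:10:09 localhost proftpd[22141]: localhost.localdomain "
    "([192.0.2.10]) - USER root (Login failed): Incorrect password.",
    "Feb 28 09:12:00 localhost sshd[300]: unrelated line, ignored",
]

def summarize(lines):
    """Group failed proftpd logins by source IP."""
    report = defaultdict(lambda: {"count": 0, "users": set(),
                                  "anon_probe": False,
                                  "first": None, "last": None})
    for line in lines:
        m = FAILED.match(line.strip())
        if not m:
            continue  # not a proftpd failed-login entry
        entry = report[m["ip"]]
        entry["count"] += 1
        entry["users"].add(m["user"])
        entry["anon_probe"] |= m["user"].lower() in ANON_NAMES
        entry["first"] = entry["first"] or m["ts"]
        entry["last"] = m["ts"]
    return dict(report)

if __name__ == "__main__":
    for ip, e in sorted(summarize(SAMPLE).items()):
        print(ip, e["count"], sorted(e["users"]),
              "anonymous probe" if e["anon_probe"] else "", e["first"], e["last"])
```
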



This archive was generated by hypermail 2a24 : Fri Mar 01 2002 - 15:46:11 MST