Internet Law (was:Re: Attemted Theft of Services via FTP)


Subject: Internet Law (was:Re: Attemted Theft of Services via FTP)
From: Michael Tucker (mtucker@eecs.harvard.edu)
Date: Mon Mar 04 2002 - 12:45:16 MST


Just out of curiosity... How much at fault is this person for attempting
to login to your system? Where is the legal line drawn? Is it acceptable
to ping a whole block of IPs, figure out which are running FTP and then
try logging in to these (anonymous or with a few name/password "guesses")?
If you don't have repetitive attempts from a particular IP, is it any
better? Anyone know the legal code on this stuff?

Mike

On Fri, 1 Mar 2002, John Nelson wrote:

>
> Report them to the FBI. That might get some response.
>
> Any provider that doesn't police or respond to illegal activities on
> their networks gets what they deserve.
>
> -- John
>
>
> Ryan Mesler wrote:
>
> i've reported to road runner that some of their boxes were transmitting nimda
> and codered and my boxes got bout 60,000 hits a day from that alone. road
> runner didn't do squat.
> as for your protection... do NOT allow anonymous FTP. that would be bad. i
> had some nightmares with that and my fbsd box.
> what you could do is set a cron job that tells your modem to dial in (when you
> said modem, i assumed you meant dialup-if not, i apologize) at certain
> times of the day (times known only by you) and stay connected for 15 min. if
> it doesn't detect any net activity, it kills the connection. it'll email you
> your IP address so you can know what your IP is and then login that way via
> ftp or telnet. make whatever changes you need to your box and logout.
> this is what i'd done for awhile back when i was working web design. since
> you've got a dialup, this might be a good way to ensure higher security ;)
> i dunno... just one of the many creative things to do with linux :)
> as for the punishment of these crackers... get their IPs and get some IRC
> bots... you get the idea ;)
> R.L. Mesler <Kraylus>
> Call me Kray
> If at first you don't succeed, call it version 1.0
> ICQ: 45088864
> AIM: Kraylus
> ----- Original Message -----
> From: "Patrick Callahan" <pac1@tiac.net>
> To: <yellowdog-general@lists.yellowdoglinux.com>;
> <bltnewuser@basiclinux.net>
> Sent: Friday, March 01, 2002 5:23 AM
> Subject: Attemted Theft of Services via FTP
>
> I've just started running proftp so I can move files around my internal
> network.
>
> I'm connected to the internet by modem. and /var/log/secure contains a few
> entries like this.
>
> Probably harmless because they weren't able to give a valid username and
> password. (anonymous logins are deliberately disabled)
>
> Feb 28 07:52:24 localhost proftpd[22095]: localhost.localdomain ([24.90.163.104]) - USER ftp (Login failed): Invalid shell.
>
> [root@localhost src]# ping 24.90.163.104
>
> Are there any other risks here? What would have happened next if
> anonymous ftp were enabled?
>
> What would you do about 24-90-163-104.nj.rr.com? Report the attempt to
> road runner? Ping of death to 24.90.163.104? Go to New Jersey and take his
> computer away? Civil Trial? Trial at Law? What settlement or sentence would
> you recommend as a Juror?
>
> Someone last year suggested renaming the distro from "Yellowdog" to "Pit
> Bull Linux" Motto: "Just try to crack my box!"
>
> I'm thinking of the following warning on the ftp login page:
> "Protected by Pit Bull Linux and a false sense of security
> If you're going to try to crack this box be sure to bring plenty of dog
> biscuits - the ordinary cookies on your hard drive won't do
>
> Sic em Chip!
> "
> Humor aside, what do you do about attempted cracks like this?
> -Pat
> -pat
>
>
> --
> _____________________________________________________
> John T. Nelson
> President | Computation.com Inc
> mail: | john@computation.com
> company: | http://www.computation.com/
> laboratories: | http://www.computation.org/
> _____________________________________________________
> "Providing quality IT consulting services since 1992"
>
>
>
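
Added example, not part of any message in this thread: a small Python triage of proftpd "Login failed" entries in the shape of the /var/log/secure line quoted above, separating one-off anonymous probes from repeated guessing against named accounts. Only the first sample line comes from the thread; the other log lines, the function name and the threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Matches the shape of the proftpd failure line quoted in the thread.
FAILED = re.compile(
    r"proftpd\[\d+\]: \S+ \(\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]\) - "
    r"USER (?P<user>\S+) \(Login failed\): (?P<reason>.+)$"
)
ANON_USERS = {"ftp", "anonymous"}  # account names used for anonymous FTP

# First line is from the thread; all others are constructed samples.
SAMPLE_LOG = """\
Feb 28 07:52:24 localhost proftpd[22095]: localhost.localdomain ([24.90.163.104]) - USER ftp (Login failed): Invalid shell.
Feb 28 09:10:01 localhost proftpd[22140]: localhost.localdomain ([192.0.2.7]) - USER admin (Login failed): Incorrect password.
Feb 28 09:10:04 localhost proftpd[22141]: localhost.localdomain ([192.0.2.7]) - USER root (Login failed): Incorrect password.
Feb 28 09:10:09 localhost proftpd[22142]: localhost.localdomain ([192.0.2.7]) - USER pat (Login failed): Incorrect password.
Feb 28 09:12:00 localhost sshd[22200]: Connection closed by 192.0.2.7
Feb 28 11:30:45 localhost proftpd[22310]: localhost.localdomain ([198.51.100.20]) - USER anonymous (Login failed): Invalid shell.
Feb 28 13:02:17 localhost proftpd[22377]: localhost.localdomain ([203.0.113.5]) - USER pat (Login failed): Incorrect password.
"""

def summarize_failed_logins(log_text, guess_threshold=3):
    """Return {ip: (verdict, attempts, sorted usernames)} for failed FTP logins."""
    per_ip = defaultdict(lambda: {"attempts": 0, "users": set()})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # other daemons and non-failure lines are ignored
        rec = per_ip[m.group("ip")]
        rec["attempts"] += 1
        rec["users"].add(m.group("user"))

    report = {}
    for ip, rec in per_ip.items():
        named = rec["users"] - ANON_USERS
        if named and rec["attempts"] >= guess_threshold:
            verdict = "repeated-guessing"       # several tries at real accounts
        elif named:
            verdict = "named-account-attempt"   # below threshold, worth watching
        else:
            verdict = "anonymous-probe"         # only tried ftp/anonymous
        report[ip] = (verdict, rec["attempts"], sorted(rec["users"]))
    return report

if __name__ == "__main__":
    for ip, (verdict, attempts, users) in sorted(summarize_failed_logins(SAMPLE_LOG).items()):
        print(f"{ip:<16} {verdict:<22} attempts={attempts} users={','.join(users)}")
```
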


