Re: [Full-Disclosure] Idea

From: gregh (chows_at_ozemail.com.au)
Date: 08/23/03

    To: "Elvedin" <mnsan11@earthlink.net>, <full-disclosure@lists.netsys.com>
    Date: Sat, 23 Aug 2003 09:40:49 +1000
    
    

    > ----- Original Message -----
    > From: Elvedin
    > To: full-disclosure@lists.netsys.com
    > Sent: Friday, August 22, 2003 9:29 AM
    > Subject: Re: [Full-Disclosure] Idea

    > Well, if all shells are removed and root's and other users' shell is changed
    > to /bin/false, you won't be able to install another shell. How would you
    > interface with the system? NO SHELL!

    Many years ago on a learning curve far, far away, I used to use an Amiga on the net. It had an interesting thing it did with a certain Internet setup that not a lot of people used. You could configure ports to do whatever when accessed and if you didn't actually type in a port number that could be accessed, it wouldn't open.

    So, while wondering what it was that hackers actually did and having no clue at all about it, I decided it would be fun to watch them. I went through my config entries and added voluminous numbers of ports at random and linked them to a shell. The shell could also be configured and I configured it to do absolutely nothing other than act more or less like a dcc chat prior to me knowing they even existed. I guess this was somewhere around 1992. I went online and toured a few IRC channels, just popping in, saying a "hello, newbie here" and then waiting to be kicked off channel etc, which happened a lot when you typed something like that. ;-} Naturally, there were some who decided to look in on me as I wasn't hiding a thing from anyone. The truth is I didn't know how to even if I wanted to anyway and this was an Amiga with less chance of me finding someone who may know who knew Amiga. So, while I did this, I would get people connect to those ports I had opened and the shell would pop up on my desktop and they would start typing. Most often, the first command was for a list of files, sometimes a format command and so on. Obviously none of this worked but sometimes they would do interesting things. In the end, I would type "hello" to them and get a lot of people just cut the connection and some, amused, start typing back.

    Now all that is a nice story and old now, anyway but the point is, surely there is *SOMEONE* on this list who is a competent enough programmer to write a "cmd" or "command" if you like that Windozers use that can be shoved in the correct dir and just do what that old Amiga shell did for me even allowing a > to a log file or whatever. One that basically does nothing or maybe appears to do nothing but attempts to trace the open connection. I know I can't do that. I was only ever a mediocre programmer. Maybe that would be something to help this "idea" along?

    Greg.

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
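
A minimal sketch of the do-nothing, logging shell the message asks for, written as a network listener. This is an added example, not part of the original post and not the Amiga software it mentions. The names `DecoyShell`, `record`, `sanitize` and `make_server`, the prompt, port 2323 and the file `decoy.log` are all assumptions.

```python
import datetime
import socketserver

PROMPT = b"> "   # constructed prompt; the message does not describe the original
MAX_LINE = 512   # bound each read so a client cannot exhaust memory or flood the log

def sanitize(raw: bytes) -> str:
    """Turn untrusted bytes into one printable log field (no control characters)."""
    text = raw.rstrip(b"\r\n").decode("utf-8", errors="replace")
    return "".join(c if c.isprintable() else "\\x%02x" % ord(c) for c in text)

def record(log, peer, raw, now=None):
    """Write one 'UTC-time ip:port input' line to log and return it."""
    now = now or datetime.datetime.now(datetime.timezone.utc)
    entry = "%s %s:%d %s" % (now.isoformat(timespec="seconds"),
                             peer[0], peer[1], sanitize(raw))
    log.write(entry + "\n")
    return entry

class DecoyShell(socketserver.StreamRequestHandler):
    timeout = 60  # seconds; idle connections are dropped

    def handle(self):
        log = self.server.log
        record(log, self.client_address, b"<connect>")
        try:
            self.wfile.write(PROMPT)
            while True:
                raw = self.rfile.readline(MAX_LINE)
                if not raw:
                    break
                record(log, self.client_address, raw)  # log only, never execute
                self.wfile.write(PROMPT)
        except OSError:  # timeout or reset by the peer
            pass

def make_server(port, log, host="127.0.0.1"):
    """Bind the decoy to host:port; log is any object with write()."""
    srv = socketserver.ThreadingTCPServer((host, port), DecoyShell)
    srv.daemon_threads = True
    srv.log = log
    return srv

if __name__ == "__main__":
    with open("decoy.log", "a", buffering=1) as f, make_server(2323, f) as srv:
        srv.serve_forever()
```

Escaping non-printable bytes before logging keeps a remote client from forging log lines or sending terminal escape sequences to whoever reads the file later.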

