Re: Hacked using vulnerable FTP daemon.

From: Bojan Zdravkovic (bzdravko@siac.com)
Date: 09/25/01


From: "Bojan Zdravkovic" <bzdravko@siac.com>
To: paul.tan@embrace.com
Message-ID: <85256AD2.006A55F9.00@nsmtp1.nsmtp.siac.com>
Date: Tue, 25 Sep 2001 15:28:46 -0400
Subject: Re: Hacked using vulnerable FTP daemon.


Hi Paul,

Calling the ISP will help. They won't "get" the guy, only slap his wrist. The
biggest, ultimate effect of calling the ISP would be sending him a warning
email.

ISPs will never forward you any personal info, except if you're a government
investigator. And if an investigator gets involved the damage has to be
substantial (millions).

Don't talk about evidence, and don't blow things out of proportion; this is just
simple mischief, and it happens to everyone.

And patch that ftpd.

-Bojan

Disclaimer: Obviously my opinions don't reflect the company's. If they did I'd
be the CEO.

Paul Tan wrote:

> Hello experts,
>
> I am helping a friend who got hacked in the last few days.
> Below are the logs from /var/log/messages; I managed to get the logs
> from the "last" command too. Is this sufficient info to call their ISP
> and get that guy?
>
> Rgds,
> Paul
>
> If you need more evidence I can produce e.g. rootkits and stuff I found
> on the webserver.
>
<snip>

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com


