Re: Redhat 6.2 Honeypot Hacked

From: Greg Estabrooks (greg@phaze.org)
Date: 04/16/02 

Date: Mon, 15 Apr 2002 23:08:21 -0300
From: Greg Estabrooks <greg@phaze.org>
To: gt3000 <gt3000@adelphia.net>

> I don't want to start this off on as something negative but here goes,
> I do not believe in honeypots at all . You run default install insecure

 First off maybe before you go jumping to conclusions you should actually
READ WHAT I POSTED. "A few weeks ago we had a colocation customers machine
get hacked into" Is the start of the very first sentence. I do not, have
not, and will not run a Honeypot. The box I got the logs from was a hacked
into customers machine, not some honeypot. And the logs where logs that
the lame crackers software produced which I found afterward, not something
I had been watching and allowing to happen. The main reason it was
discovered was because the people were annoying others on IRC enough to
get the box flooded a few times which drew our attention, I say again this
was a colocation customers box, not "ours".

> I hope you post the logs online somewhere , I bet those admins would be
> interested to know their networks were comprised after you knew they

I was offering the logs to any interested as they seemed to be possibly
the same people who had broken into the machine of the person I was
replying too, please read before you shoot off your mouth/fingers
regarding liabilities. 

-- 

"And he piled upon the whales white hump, the sum of all the rage and hate
felt by his whole race. If his chest had been a cannon, he would have
shot his heart upon it."

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com