MLUG: RE: [MLUG - DISCUSSION] l33t kiddies (was network scanning?)
All this talk of network scanning and 4ax0rs...reminds me of something
that happened to me back when I was at U of MD and Ethernet in the dorms
was very new.

I returned to my room and logged into my Linux box.  The first thing I
noticed was "Last login from <some campus machine I've never been logged
onto ever>."  So I unplugged the network and started poking around.  First
I checked the log files and there they were, connections from that
unauthorized login as well as from several other machines.  This was
before ssh became a common technology, so it didn't take me long to figure
out that some doofus had sniffed my password on the subnet.  But, because
I had always used my own username and never root, this poor sap couldn't
cover his tracks.  Another good break I got was that all the campus servers
ran ident.  So his username showed up in my log files, pretty neat, eh?
So, inside of about 15 minutes, I had his name, address, phone number and
noted that he was still logged into the NEXT station that the login had
come from.

Another bit of stupidity that he left behind (and this is one of the best
parts): he tried to cover some of his tracks by removing the shell's
history by deleting the .history file.  Obviously, he forgot that the
history is kept in the shell's memory space and written to disk only when
the shell exits (based on an environment variable of course).  So it
seemed that I had a complete record of every command he had entered!

So I took the relevant log files, walked over to the Computer Science
Center, and reported the incident.  As it happens, this guy was a First
Aider (computer lab assistant) and he had done all this while on duty.
Needless to say, he was asked not to return to work the following
semester.

The moral of the story is 1) always use ssh.  And 2) don't go sniffing
passwords and hacking boxen unless you are REALLY sure you can cover ALL
of your tracks because someone like me WILL smack you upside your empty
little head.

:)
Nimrod
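The point about history living in the shell's memory rather than on disk, as an added example that is not part of the original post: a scripted interactive bash session with its own constructed HISTFILE under a temp directory deletes that file mid-session, records how many entries the shell still holds in memory, and then finds the file re-created with the session's commands when the shell exits. It assumes bash is installed; every file name here is constructed for the demo.

```shell
#!/bin/sh
# Added demo (not the original poster's code): bash keeps its command history
# in memory and writes $HISTFILE when the interactive shell exits, so deleting
# the file mid-session removes nothing that matters. Paths are constructed.

# Run a scripted interactive bash session against a private history file.
# $1 = scratch directory. Output is discarded; marker files are left behind.
run_session() {
    # Seed the file as if an earlier session had already been saved.
    printf 'echo from-previous-session\n' > "$1/.bash_history"
    # --norc/--noprofile keep the user's dotfiles from changing HISTCONTROL
    # etc.; -i forces interactive mode so history is kept and saved on exit.
    HISTFILE="$1/.bash_history" HISTSIZE=100 HISTFILESIZE=100 \
    bash --norc --noprofile -i >/dev/null 2>&1 <<'EOF'
echo first-command
echo second-command
rm -f "$HISTFILE"
[ -e "$HISTFILE" ] || touch "$HISTFILE.was-deleted"
history | wc -l > "$HISTFILE.in-memory"
exit
EOF
}

# Summarise the evidence: was the file really gone mid-session, how many
# entries the shell still held in memory at that point, and did exit write a
# fresh file containing this session's commands (grep count of one line).
history_demo() {
    dir=$(mktemp -d)
    run_session "$dir"
    deleted=no
    [ -e "$dir/.bash_history.was-deleted" ] && deleted=yes
    in_memory=$(tr -d ' ' < "$dir/.bash_history.in-memory")
    saved=$(grep -c 'second-command' "$dir/.bash_history")
    rm -rf "$dir"
    echo "deleted=$deleted in_memory=$in_memory saved=$saved"
}

history_demo
```

A defender who wants each command on disk immediately rather than at exit can set `PROMPT_COMMAND='history -a'` together with `shopt -s histappend`, so an intruder's session is recorded as it happens.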