Mailing List Archive


Re: tlug: spam



Long time no see...  There's the reason why I didn't come to this list
(see below).

Stephen J. Turnbull writes:
 > That's fine; but many victims are using 1, 2, or 3 year old
 > installations.  Often they're not aware of what's happening.  (At
 > least so they say.)  Certainly they are not in a position to fix the
 > problem as easily as I did; they don't have the knowledge.

Exactly.  Unfortunately for us, this could be applied to the case
using GNU/Linux system.  It's very easy to install, configure, and
start services of Internet with GNU/Linux system.  But as it's so
easy, people don't understand important issues sometimes.  They have
to defend by themselves, but don't have the knowledge.

			*	*	*

From here, eyes only please. :-)

For these months, it seems to me that there are many abuses around
here and there (I'm maintaining hosts in my company and in other
organizations, and do consulting about maintenance of hosts in
schools in Japan).  The abuses are attacking security holes of HTTPD,
abusing innocent MTAs to relay SPAM, abusing cracked hosts to send
mailbombs, and so on.

Lucky for us, we've "captured" one cracker's activity.  This is my
first experience meeting the cracker.  Real Hacker (?) meets the
cracker.  Sounds exciting, isn't it? :-)

He found that the system uses the Linux kernel, and tried many things
(including running tcpdump to capture the packets) to hijack the
site.  Unluckily for him, the Operating System is our own homebred one,
and he didn't find out how to do it.  Oh my cracker, you should learn
more about computers.  ;-)

Along with the logs on the host which he failed to remove, access
logs, and other information, we almost identified the cracker.

But what could we do then?  With Japanese tradition, "KOTO WO
ARADATENAI" (someone please translate this phrase, it's something like
"don't make trouble, leave it untouched"), it seems that the site
doesn't want to sue, because the damage is so low, and it seems
that there is no applicable law in Japan for cracking itself.

It's very exciting experience for me, but slightly tired.  Hacker
should learn laws more. hehehe. ;-)

Any suggestions are very much appreciated.  Thanks in advance.
-- 
NIIBE Yutaka

P.S: Tips for security.  Don't leave a development environment (C
compiler, assembler and so on) on the service host.  It can be used
by the cracker.
--------------------------------------------------------------
Next TLUG Meeting: 13 June Sat, Tokyo Station Yaesu gate 12:30
Featuring Stone and Turnbull on .rpm and .deb packages
Next Nomikai: (?) July, 19:30 Tengu TokyoEkiMae 03-3275-3691
--------------------------------------------------------------
Sponsor: PHT, makers of TurboLinux http://www.pht.co.jp

