Mailing List Archive


Crackers (was: Re: tlug: spam)



Thank you very much for your suggestion, 

Stephen J. Turnbull writes:
 > Actually, a lot of crackers don't seem to know enough to go looking for 
 > the logs.  Also, there's a good chance that you catch a "wannabe"
 > cracker, who is only following up on the work of a real cracker.  The
 > real cracker is often only identifiable by the new accounts he leaves
 > behind.

Actually, I've gotten the information about what he did by attaching
to his shell process with a debugger and reading the "history".  I guess
that no cracker could deceive the memory itself. :-)

Also, we identified where he came from.  He came from a dial-up account
at a small (possibly also cracked) ISP.

He is not a student, but a person at a venture company in Japan.  It
seems to me that he didn't know that his session was being captured, and
did many things, including accessing external hosts to get tools for
cracking (tcpdump etc.).  He removed the shell history file, but
unluckily for him, I got all the command lines he typed.

			   * * *

There is a company selling ISS, a famous security tool.  The important
fact is that any security tool has two edges, defending and attacking.
What astonished us was that another salesperson at a related company (not
THE company directly) called me after the cracking, and said

	"Your site has been cracked."
	...
	"How about buying ISS to secure your network?"

That made me mad.  It's a kind of match and pump sales (maybe this phrase
is Japanese??). (Provided our understanding of the log is correct.
It's NO WARRANTY.  Please don't ask me about the relation between
THE company and ISS.)

Please watch out, folks.  I learned that's the real world.

			   * * *

For Hackers (not Crackers):
Recently, a new feature called 'ipchains' was introduced into the Linux
kernel (2.1.102--).  I'm thinking about using this feature (IP level
packet control) along with TCP wrapper and others (application level
control).

Happy Networking, 
-- 
--------------------------------------------------------------
Next TLUG Meeting: 13 June Sat, Tokyo Station Yaesu gate 12:30
Featuring Stone and Turnbull on .rpm and .deb packages
Next Nomikai: (?) July, 19:30 Tengu TokyoEkiMae 03-3275-3691
--------------------------------------------------------------
Sponsor: PHT, makers of TurboLinux http://www.pht.co.jp

