[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: some interesting attacks



Hello,

Yes I do have better things to do.  In the even of a break in all I need to
do is take my image hard drive on site, plug it in as master, boot to it,
mke2fsck /dev/hdb1 then restore from image, fix the security problem and
install lilo on their drive (via a boot disk or boot cd as I carry both) ftp
to my home site and restore their settings like email/accounts/web
pages/dhcp/named/system settings (they are in tar.gz format via a script I
wrote to do remote backups, quite nice) then walk away.  We're looking at no
more than an hour tops to make these changes.

Ed

> -----Original Message-----
> From: Alvin Oga [mailto:aoga@Maggie.Linux-Consulting.com]
> Sent: Thursday, November 22, 2001 10:03 AM
> To: Wichert Akkerman
> Cc: debian-security@lists.debian.org
> Subject: Re: some interesting attacks
>
>
>
> hi ya
>
> > Previously Ed Street wrote:
> > > Any input/thoughts on this?
> >
> > Just that it's always amusing to watch a scriptkiddie try to hack your
> > box and see them fail.
>
> its more entertainng to watch um install a rootkit..but it fails
> because of multiple reasons... removing tar, make, gcc usually throws
> their scripts into a "what now state"...
> 	- than they come back with a pre-compiled version ... and
> 	time to play cat and mouse...
>
> once they get in... if and when... might as well scrap that box, and
> try to learn and chase them down and have fun with um ( hack their box)...
> or erase their files... or change their passwords, etc...
> 	- but than again... we all have better things to do..
>
> have fun
> alvin
>
>
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
>



Reply to: