Re: "suspicious" apache log entries

To: <debian-security@lists.debian.org>
Subject: Re: "suspicious" apache log entries
From: "Andreas Syka" <asyska@db-media.de>
Date: Fri, 13 Sep 2002 11:19:47 +0200
Message-id: <[🔎] 002201c25b06$b493ed40$1901000a@as>
References: <[🔎] 20020912032447.GD31875@llama.nslug.ns.ca> <[🔎] 6D8E22F9-C620-11D6-B25D-00050285B655@ncpro.com> <[🔎] 20020912234226.GG1449@lovelace>

----- Original Message -----

From: "Geoff Crompton" <geoff.crompton@bjhcontrols.com.au>

To: <debian-security@lists.debian.org>

Sent: Friday, September 13, 2002 1:42 AM

Subject: Re: "suspicious" apache log entries

>   I can see that sending an email is an approriate legal, and
>   responsible course of action.
>   However to make his servers beep, you still need to perform an illegal
>   act of cracking into his box. Regardless of what you intend to do when
>   you get in there, it is still unauthorized access to the computer. If
>   it is legal to crack a box for 'good' reasons, what do you think the
>   real crackers will say there were doing if they get caught?

Ok, we had some posts saying that getting into someone's box and

making some noise to get the admins attention is comparable with walking in

someone house, sitting on the owners sofa and waiting / leaving a note on
the

wall to tell him someone broke in - both is illegal unauthorized access.

Now that the owner is on holiday, his house is burning and my house is next
to him

I should call the fire brigade to at least protect my own house and the
police

- as I've seen someone who put the house on fire.

Writing emails to them did work up to now and the owner is still not
reachable too.

The police is not interested - because there is a border between my house

and the burning one. I should try to contact the police "over there".

Right, its a bit stupid to use such comparison - but its somehow fun too.

The person on holiday is just called "standard M$-certified admin".

>   Unless we could popularise running a 'alert-me-if-my-box-is-screwy'
>   daemon, which when it receives a message it beeps, displays a message,
>   and keeps beeping until an operator acks the message.

Even ISPs do not really care about beeping boxed. When I carried my first
holy

4U-server to my ISP last year, I was really shocked. Tons of beeping
RAID-cards /

power-supplies. They never would hear mine. And its really not a small ISP

(I guess the smaller ones would be able to act properly).

IMO the only proper solution would be to notify the person mentioned in the

RIPE-handle / Domain-handle and hope that someone is going to react.

Everything else is playing fire- policeman. Or some kind of self protection.

>   Cheers
>   Geoff

best regards

Andreas

Reply to:

Follow-Ups:
- Re: "suspicious" apache log entries
  - From: skalar <skalar@v0id.at>
- RE: "suspicious" apache log entries
  - From: "John Corrigan" <johncorrigan@attbi.com>

References:
- Re: "suspicious" apache log entries
  - From: Peter Cordes <peter@llama.nslug.ns.ca>
- Re: "suspicious" apache log entries
  - From: Marcel Weber <mmweber@ncpro.com>
- Re: "suspicious" apache log entries
  - From: Geoff Crompton <geoff.crompton@bjhcontrols.com.au>

Prev by Date: Re: "suspicious" apache log entries
Next by Date: Re: "suspicious" apache log entries
Previous by thread: Re: "suspicious" apache log entries
Next by thread: Re: "suspicious" apache log entries
Index(es):
- Date
- Thread