Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Hacked

From: "Steve" <stevelw () flash net>
Date: Fri, 26 Feb 1999 00:56:01 -0600
Hacked this last weekend or sometime.

What I'm running:

Linux 2.0.35 with ipfwadm, all defaults, added masq for 192.168.1.0 to
0.0.0.0 to feed my home LAN to ppp through a little 56.6k dial up.

How I found out:

Tried to log in telnet from an inside machine, wouldn't allow me to log in
under any user name I had configured - root, col or steve.  Finally rebooted
(Windows habit) and noticed that syslog couldn't write to any of the log
files and still couldn't log in.

Long story short:

Got the machine back up with a new hard drive (install fresh on the hacked
drive???!!!  Hell no!!!  It's evidence and possible clues as to
who/what/when/how - the whole deal.

So I mount the drive and find a message in my root directory:

hehe.idiot.fix.your.imap.and.feel.glad.i.didnt.rm-rf.everything

imap, huh?  I knew I was running lots of services - it was a hacker's dream,
most likely.  But this was at home, and it was quite sloppy.  But it did its
purpose - my LAN *seems* okay - no evidence of any tampering, though it was
quite possible - again, from sloppiness.  Anyway, I have a real,
honest-to-goodness hacked drive over here - something live to study and
learn from.

BTW - first thing I did was to check for messages, and, just as the messages
on boot-up said, the log directory is gone.  First thing this weekend - I
will buy a computer for logging - do that transmission trick with the
wiring - wire a cable only with the what - 1 and 2 wires, so it would be
physically impossible for them to receive any feedback on the connection to
try to delete those files on the other machine.  (But I may wait until next
week - it's First Saturday down here in Dallas).

Besides that, I'll be keeping that hard drive off the network, except to
look at it - I don't want anything to happen to it!  I just may do a dd get
a backup while I'm at it.

I'm writing to share my experience, get some feedback and learn.  I'd love
to hear from anyone with ideas on what to look for on that drive, and
anything else that comes to mind.

Finally, am I ashamed to be writing this?  No way!!!  I love this!  It's all
just a game, and I love to play . . .
Previous By Date Next
Previous By Thread Next

Current thread: