Firewall Wizards mailing list archives
Hacked
From: "Steve" <stevelw () flash net>
Date: Fri, 26 Feb 1999 00:56:01 -0600
Hacked this last weekend or sometime. What I'm running: Linux 2.0.35 with ipfwadm, all defaults, added masq for 192.168.1.0 to 0.0.0.0 to feed my home LAN to ppp through a little 56.6k dial up. How I found out: Tried to log in telnet from an inside machine, wouldn't allow me to log in under any user name I had configured - root, col or steve. Finally rebooted (Windows habit) and noticed that syslog couldn't write to any of the log files and still couldn't log in. Long story short: Got the machine back up with a new hard drive (install fresh on the hacked drive???!!! Hell no!!! It's evidence and possible clues as to who/what/when/how - the whole deal. So I mount the drive and find a message in my root directory: hehe.idiot.fix.your.imap.and.feel.glad.i.didnt.rm-rf.everything imap, huh? I knew I was running lots of services - it was a hacker's dream, most likely. But this was at home, and it was quite sloppy. But it did its purpose - my LAN *seems* okay - no evidence of any tampering, though it was quite possible - again, from sloppiness. Anyway, I have a real, honest-to-goodness hacked drive over here - something live to study and learn from. BTW - first thing I did was to check for messages, and, just as the messages on boot-up said, the log directory is gone. First thing this weekend - I will buy a computer for logging - do that transmission trick with the wiring - wire a cable only with the what - 1 and 2 wires, so it would be physically impossible for them to receive any feedback on the connection to try to delete those files on the other machine. (But I may wait until next week - it's First Saturday down here in Dallas). Besides that, I'll be keeping that hard drive off the network, except to look at it - I don't want anything to happen to it! I just may do a dd get a backup while I'm at it. I'm writing to share my experience, get some feedback and learn. I'd love to hear from anyone with ideas on what to look for on that drive, and anything else that comes to mind. Finally, am I ashamed to be writing this? No way!!! I love this! It's all just a game, and I love to play . . .
Current thread:
- Hacked Steve (Feb 26)
- Re: Hacked Bluefish [@ home] (Feb 28)
- RE: Hacked jonathan (Feb 28)