Security Incidents mailing list archives
probe backs? was Re: [INCIDENTS] Korea
From: jose () BIOCSERVER BIOC CWRU EDU (Jose Nazario)
Date: Fri, 28 Jan 2000 15:01:42 -0500
On Fri, 28 Jan 2000, Kim Robert Blix wrote:
> And if I stumbled upon a rootshell bound to a port on any machine that had recently been used to attack me, I sure would use it to investigate. I don't see *any* harm in that whatsoever. The most likely reason for the shell being there is that the machine has been compromised and is used to launch attacks elsewhere. So by checking it out and then placing a phone call you are doing them a favor.
> What you seem to be saying is that if your neighbour's house and their door is wide open in the middle of the night, you should just move along. I'd sure stick my head in and ask if everything is all right.
to me, it's part of threat assessment to examine a machine that has been making attacks or otherwise suspicious activity is a serious threat. on most occasions it's a compromised system. i usually include such info in a report to the site admin (obtained from a whois lookup). i often do a few telnets to odd ports (i.e. banner grabbing) and a quick nmap scan.

i doubt i'm the only one who does this (i know i'm not), and i often tell people how to do it. is this frowned upon by the larger community? like i said, i always include such info in my mail to the site/domain contact, so they can dismiss it as administrative probes when they find it in their logs.

thanks,
jose nazario
jose () biochemistry cwru edu
PGP fingerprint: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
Public key available at http://biocserver.cwru.edu/~jose/pgp-key.asc