"Moe Trin" <ibuprofin@painkiller.example.tld> wrote in message
news:slrndlii4k.rql.ibuprofin@compton.phx.az.us...
> In the Usenet newsgroup alt.computer.security, in article
> <wbV5f.3649$S_1.803@newsfe5-win.ntli.net>, Hairy One Kenobi wrote:
> >"Moe Trin" <ibuprofin@painkiller.example.tld> wrote
>
> >> the admin couldn't pin down which terminal it came from. Strong
> >> suspicions, but not strong enough to "convict".
> >
> >I suspect that he was "being human" :o)
>
> I've forgotten most of the details reported, but this individual had to
> keep a low profile for a while, while not noticeably doing things
> differently. Apparently the prank caused the admin much extra work, and
> this is not the way to win friends.
>
> >In our case, there were only four of us - 1 subject, two known pranksters
> >(honest, guv, I only started in retaliation!), and one Junior progger. On
> >the TS+ closed network. He /really/ should have known better... :o)
>
> Practical Unix & Internet Security 3rd Edition, Garfinkel, Spafford and
> Schwartz, O'Reilly, 0-596-00323-4. 984 pgs, Feb. 2003. Chapter 21
> (Auditing, Logging and Forensics) - a section on "Beware false syslog
> entries" on page 652 (page 317 in the second edition).
Unfortunately not available at the time.. VMS 5.x (can't remember the exact
rev), circa 1991. Close, though...
> >Can't recall if *nix has a similar function (but would be interested to
> >find out: hint, hint!), but monitor proc/continuous [I /think/ was the syntax]
> >gave you a very nice view on what someone was up to
>
> Weeellll... It's not exactly obvious (and no, /proc/continuous isn't
> what you'd be looking for), but in a '/proc/' file system, there are
> relatively easy ways to see what is going on. By _default_ you need to
> be root (of course), and you are assuming the command the user is
> running isn't playing games with $*. By the way, not all systems
> have a /proc/ file system. For those, you've got to get into the virtual
> memory of the kernel - such as /dev/kmem.
VMS made it a bit easier, by having a device model rather than pipes. In all
honesty the effect was basically the same (aside from everything ending in
":") but it was all through DCL.
Unfortunately, I can't remember the exact commands.. I /think/ it was "write
sys$output" (substitute terminal device, e.g. "TPA666:" for "sys$output")
but.. erm, it was a while back. About six years (Solaris boxes coming out of
my ears, but no reasonable deal on a solitary VAX that won't heat my entire
street, let alone my house ;o) Now that I've ditched NT4, I don't even get
the comfort of a Blue Screen when booting...
> >This may be a cultural thing, but a large proportion of broadband users
> >over here (the UK term is "broadband". USAians tend to s****** about our
> >bandwidth) have router/firewalls.
>
> This is often the case here as well. Actually, I'm seeing a fairly large
> number reporting some kind of el-cheap0 firewall appliance. Additionally,
> the ISP may supply something that acts as a router of sorts. It's not
> enough. I have three ISPs - one blocks inbound to ports below 1024
> (except 113), outbound 25, 137-139/445, and inbound to a few higher ports
> like 1900, 5000 and (strangely) 6000. Another blocks 137-139/445 in and
> out and 25 (except to their mail server), while the third blocks only 25
> outbound. Another that I used to use blocks nothing (and is therefore
> in a few blocklists).
>
> For a "business class" service, most ISPs I have to put up with seem
> to leave it wide open - even if the business is a single IP address.
A Floridan colleague reported the same thing - apparently he was a security
risk if he had access to port 80. By payment of around double the fee each
month, he was miraculously transformed into a trusted business user, who
could do what the heck he wanted :o\.
> >Most of the colleagues I deal with outside of Texas are techies, who all
> >have some sort of hardware router or Solaris/other UNIX home-built
> >solution. Hardly representative.
>
> On a colleague level, I think everyone is running a *nix homebuilt
> solution of _some_ kind. In my case, it's what's left of an ancient
> 386 laptop - no screen, no keyboard, very little of anything in fact.
> It's running a severely stripped Linux, and is masquerading my home LAN.
Hum. My company has a very *nix background (I'm very much the exception - I
can happily set the damned thing up and use it, but I don't see it as a joy
to transform it from an OS-less box of electronic gubbins to a working
server over the weekend, in my own time. Well, mostly. Truth be told, I have
a queue of Wintel boxes as well.. ;o)
Sorry to say that the "main" Solaris box hasn't really been used in the last
few months ("bint" is saying, however, that the Ultra 1 just /has/ to go
from the spare bedroom. So this might change. The memory upgrade to run what
I'd like with a GUI costs more than the box, monitor, DAT, and bench
combined :o(
Ethereal duties are currently being performed by an x86 box, "temporarily"
running Windows rather than RH, due to a slightly major cock-up with Gnome
and generic LCDs. Said U1 gets patched to the Cable Modem hub when I feel
sufficiently bored to run Nessus etc. Problem is having the whole supporting
suite available with a GUI and 2.9 - not enough memory.
> >Ulp. Still, a "few" years ago it was possible to bounce from the UK to
> >send a 'mail to, say, someone in Oz. Allegedly. With a lot of effort.
>
> It's exceptionally easy now - thanks to the abundance of home broadband
> users who haven't bothered to secure their systems. In most cases, the
> relay is some windoze box, which limits what I can do, but sending (for
> example) mail is trivial. Thanks to google, finding the proxies is also
> very easy.
Hum - see comment about these embedded UNIX routers; I don't believe that
it's actually as common for Joe Average Schmoo to be compromised
/externally/. Getting 'em to run something they don't perceive as dodgy,
well, yes, OK.
First came across "stoned" (remember that?) in an MoD typing pool. So, yes,
in the UK, typing pools survived into the PC age.
Brits holidaying in Spain have today been celebrating the 200th anniversary
of Trafalgar Day (think about it...)
> You mean some variation on "Up with the lark and to bed with a Wren"?
Something like that. (Cough). "Women's Royal Navy Service", abbreviated to
"Wrens" :o)
In the Usenet newsgroup alt.computer.security, in article
<Ste6f.5305$m4.4606@newsfe2-win.ntli.net>, Hairy One Kenobi wrote:
>A Floridan colleague reported the same thing - apparently he was a
>security risk if he had access to port 80. By payment of around double
>the fee each month, he was miraculously transformed into a trusted
>business user, who could do what the heck he wanted :o\.
That is _very_ common. Too much so, in fact. A few ISPs are actually
going to the point of these "small business" accounts (I've seen it
suggested as anything under a /24) may have a clause in the contract
that allows "cleanup costs" to make abuse more painful. Unfortunately,
these are few indeed, and there are a lot of ISPs who could care less
based in Florida and Texas because the law is more tolerant.
>Sorry to say that the "main" Solaris box hasn't really been used in the
>last few months ("bint" is saying, however, that the Ultra 1 just /has/
>to go from the spare bedroom.
That may not be the only solution.
>The memory upgrade to run what I'd like with a GUI costs more than the
>box, monitor, DAT, and bench combined :o(
I _know_ where you are coming from there. I'm using older Intel stuff,
often third or fourth hand (dumpster diving can find fascinating hardware
sometimes). I combined hardware out of four 486s to get two with
adequate memory. Luckily, I can sometimes buy "used" windoze boxes from
garage sales for reasonable prices. I also remember when one of the
departments here bought a dozen "Creator"s. We naturally had to inspect
them (then as now, we do all the software loads), and I remember wondering
what was going to keep the thing from blowing sideways off the desk. I
think there were a total of five fans, three of which were blowing from
right to left as I recall. Then I picked it up... oh, that's why it
will stay put.
>First came across "stoned" (remember that?) in an MoD typing pool. So, yes,
>in the UK, typing pools survived into the PC age.
Vaguely - I was taking a "Continuing Education" course at the local uni,
and the computer lab got shut down that way. I was able to do the "lab"
work at home - some of my fellow students weren't so lucky.
>Brits holidaying in Spain have today been celebrating the 200th anniversary
>of Trafalgar Day (think about it...)
That was a short but fierce battle - what 2 hours? I won't comment on the
concept of celebrating in Spain (or France), but then - Yanks are known to
celebrate 4th of July in places where it might not be most politically
appropriate.
>Something like that. (Cough). "Women's Royal Navy Service",
Oh, I know _exactly_ who they are. I did three years in East Anglia many
many years ago. That allowed me to stay at the "Union Jack Club" in London
(which I think is run by RUSI) a couple of times.