Re: [Nolug] local exploits for FreeBSD??

From: Scott Harney <scott_harney_at_yahoo.com>
Date: 03 Jan 2002 11:14:47 -0600
Message-ID: <87k7uzxsoo.fsf@blackflag.scottharney.com>

Joey Kelly <looseduk@ductape.net> writes:

eggdrop/irc stuff is notoriously hackable targeted kinda stuff. I
would hesitate to assume that a packet sniff occurred to acquire
access to that bot. Reading the note below, I'd be far quicker to
assume that the eggdrop bot itself was compromised. Let's face it,
eggdrop bot security holes are not real high on your average security
priority list. Do they even list such things on securityfocus.com?

And they're a popular target too. Just playing the odds, I'd say the
bot was compromised. Whether there is a publicly known hole for the
version you've got or not, I'd still lay my bets on that without
knowing any other details of the actual incident.

> Thou spake:
>
> That's entirely possible, but we haven't heard anything about the version(s)
> that we run.
>
> The thing is, one of the lamers bought a shell from the provider in order to
> do his dirty deeds. He was boasting to us on irc about his takeover, and he
> had a connection that came from the same box that the eggdrop was on. We
> notified the box admin, who admitted to us that the lamer in question had
> just gotten his account terminated for doing other taboo things on the shell,
> running stuff that the admin took offense at. We weren't told all he was up
> to, though.
>
> Apparently the provider doesn't think he got rooted, and was rather arrogant
> when emailed last night about that possibility (in reference to needing root
> privileges in order to sniff). Perhaps the arrogance was a smokescreen to
> hide the fact that the box had in fact been rooted. Dunno, really.
>
> At any rate, we have instituted a policy of tightening down our commercial
> shells --- file privileges, etc., and also we are reviewing our channel
> security policies, etc.
>
> --Joey
>
> >
> >Of course, eggdrop itself could have exploitable flaws which would
> >allow a remote user to access and compromise it. Then a "sniff" would
> >not have necessarily occurred.
> >
> >> Joey Kelly wrote:
> >> > Anyone know of any local exploits for FreeBSD? In particular,
> >> > FreeBSD 4.5-PRERELEASE FreeBSD 4.5-PRERELEASE #2
> >> > Here's the deal... one of our eggdrop shells was sniffed. Scott says
> >> > that the only way to sniff is to have elevated privileges, to put
> >> > the nic into promiscuous mode.
> >> > Anyone have any thoughts about this?
> >>
> >> You do need to have privileges to run a sniffer on FreeBSD for
> >> programs like "sniff", "sniffit", "queso", etc.
> >>
> >> --
> >> Since-beer-leekz,       |If this were an actual emergency,
> >> Mikey                   |we would have all fled in terror
> >> http://24.17.118.246:81 |and you would not have been notified
> >>
> >> ___________________
> >> Nolug mailing list
> >> nolug@nolug.org
>
> --
>
> Joey Kelly
> < Minister of the Gospel | Computer Networking Consultant >
> http://joeykelly.dhs.org
>
>
> "When Government fears the people, it's liberty.
> When people fear the Government, it's tyranny."
> -- Benjamin Franklin
>
> Ich möchte ein Berliner.

-- 
Scott Harney <scott_harney@yahoo.com>
Broadband Services Manager (LA)
Charter Communications
Received on 01/03/02

This archive was generated by hypermail 2.2.0 : 12/19/08 EST