On Thu, 3 Jan 2002 10:36:13 +0000
Joey Kelly <looseduk@ductape.net> wrote:
The logs should tell you when and which ethernet interface was placed in
promiscuous mode. Hopefully which application did it as well.
> Thou spake:
>
> That's entirely possible, but we haven't heard anything about the version(s)
> that we run.
>
> The thing is, one of the lamers bought a shell from the provider in order to
> do his dirty deeds. He was boasting to us on irc about his takeover, and he
> had a connection that came from the same box that the eggdrop was on. We
> notified the box admin, who admitted to us that the lamer in question had
> just gotten his account terminated for doing other taboo things on the
> shell, running stuff that the admin took offense at. We weren't told all he
> was up to, though.
>
> Apparently the provider doesn't think he got rooted, and was rather arrogant
> when emailed last night about that possibility (in reference to needing root
> privileges in order to sniff). Perhaps the arrogance was a smokescreen to
> hide the fact that the box had in fact been rooted. Dunno, really.
>
> At any rate, we have instituted a policy of tightening down our commercial
> shells --- file privileges, etc., and also we are reviewing our channel
> security policies, etc.
>
> --Joey
>
> >
> >Of course, eggdrop itself could have exploitable flaws which would
> >allow a remote user to access and compromise it. Then a "sniff" would
> >not have necessarily occurred.
> >
> >> Joey Kelly wrote:
> >> > Anyone know of any local exploits for FreeBSD? In particular,
> >> > FreeBSD 4.5-PRERELEASE FreeBSD 4.5-PRERELEASE #2
> >> > Here's the deal... one of our eggdrop shells was sniffed. Scott says
> >> > that the only way to sniff is to have elevated privileges, to put
> >> > the nic into promiscuous mode.
> >> > Anyone have any thoughts about this?
> >>
> >> You do need to have privileges to run a sniffer on FreeBSD for
> >> programs like "sniff", "sniffit", "queso", etc.
> >>
> >> --
> >> Since-beer-leekz,        |If this were an actual emergency,
> >> Mikey                    |we would have all fled in terror
> >> http://24.17.118.246:81  |and you would not have been notified
> >>
> >> ___________________
> >> Nolug mailing list
> >> nolug@nolug.org
>
> --
>
> Joey Kelly
> < Minister of the Gospel | Computer Networking Consultant >
> http://joeykelly.dhs.org
>
>
> "When Government fears the people, it's liberty.
> When people fear the Government, it's tyranny."
> -- Benjamin Franklin
>
> Ich möchte ein Berliner.
>
Received on 01/31/02
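
Added example, not part of the original message: one way to pull promiscuous-mode events out of syslog and pair each enable with its disable per interface. It assumes kernel lines of the form "<ifname>: promiscuous mode enabled|disabled"; the sample log, host name and interface names are constructed.

```python
import re

# Constructed sample in /var/log/messages style (not taken from the thread).
SAMPLE_LOG = """\
Jan  2 23:10:02 shell1 /kernel: fxp0: promiscuous mode enabled
Jan  2 23:41:17 shell1 /kernel: fxp0: promiscuous mode disabled
Jan  3 01:05:44 shell1 sshd[412]: Accepted password for joe from 10.0.0.5
Jan  3 02:15:09 shell1 /kernel: xl0: promiscuous mode enabled
"""

# Assumed line format: it names the interface and the time, not the process.
PROMISC = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+(?P<host>\S+)\s+\S*kernel:\s+"
    r"(?P<ifc>[A-Za-z]+\d+): promiscuous mode (?P<state>enabled|disabled)\s*$"
)


def promisc_sessions(log_text):
    """Return [(interface, enabled_ts, disabled_ts), ...].

    enabled_ts is None when a disable has no matching enable (rotated or
    trimmed log); disabled_ts is None when the interface is still
    promiscuous at the end of the log.
    """
    open_since = {}   # interface -> timestamp of earliest unmatched enable
    sessions = []
    for line in log_text.splitlines():
        m = PROMISC.match(line)
        if not m:
            continue
        ifc, ts = m["ifc"], m["ts"]
        if m["state"] == "enabled":
            open_since.setdefault(ifc, ts)
        elif ifc in open_since:
            sessions.append((ifc, open_since.pop(ifc), ts))
        else:
            sessions.append((ifc, None, ts))
    # Anything left open never logged a disable: worth a look first.
    sessions.extend((ifc, ts, None) for ifc, ts in open_since.items())
    return sessions


if __name__ == "__main__":
    for ifc, start, end in promisc_sessions(SAMPLE_LOG):
        print(f"{ifc}: enabled {start or 'unknown'} -> disabled {end or 'STILL ON'}")
```

The resulting time windows can then be compared against login and accounting records for the same period.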
This archive was generated by hypermail 2.2.0 : 12/19/08 EST