Ah, cable modems. A lot of cable modem users use WinGate to split their
bandwidth without buying additional IP addresses. The problem with that is
WinGate has a telnet proxy with no authentication installed by default (I'm
sure most of you have heard of this) and allows an attacker to "bounce"
around. Also, I think *nix boxes are a lot more common on cable modems than
they are on dial up, so the attacker could have broken into an innocent
user's machine and attacked from there.
The point of all this is, just 'cause you see an IP address in your logs
does not mean that is the attacker's true point of origin.
scott
----- Original Message -----
From: Derek Balling
There are a lot of possibilities here. The cracker could have 1) broken into the ISP and stolen an account 2) broken into a dial-up user's box and attacked from there 3) stolen a dial-up user's password. In any case the ISP needs to know about it, and should be able to figure out what happened, if they are clever.
scott
----- Original Message -----
From: Peter Münster
To:
Cc:
Sent: Friday, September 17, 1999 6:44 AM
Subject: Re: [suse-security] telnet and su attack on my linux

On Fri, 17 Sep 1999 gbruchhaus@makrolog.de wrote:
Ya, I did it, but rr.com seems to be a big provider in the US, so the cracker could hide his attack in the dynamic IP address.

Normally it should be possible for a provider to identify his client by IP address, date and time.
Peter
--
URL: http://gmv.spm.univ-rennes1.fr/~peter/
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com