Re: [suse-security] telnet and su attack on my linux
On Fri, 17 Sep 1999 13:44:39 -0500 "scott" <sdanahy@home.com> writes:
Ah, cable modems. A lot of cable modem users use WinGate to split their bandwidth without buying additional IP addresses. The problem with that is WinGate has a telnet proxy with no authentication installed by default (I'm sure most of you have heard of this) and allows an attacker to "bounce" around. Also, I think *nix boxes are a lot more common on cable modems than they are on dial-up, so the attacker could have broken into an innocent user's machine and attacked from there.
The point of all this is, just 'cause you see an IP address in your logs does not mean that is the attacker's true point of origin.
scott
Yes, but since IP spoofing is somewhat beyond the level of your average script kiddie cracker, there's always a trail left behind, electronically. As long as you alert ISPs, and they take action in tracking down these crackers. Let the Darwinian selection begin.
dan
I wasn't talking about spoofing; there are many other methods that an attacker might use to hide his identity from a victim. (WinGates don't log by default, the logs in a cracked box can be deleted, etc.) You can't rely on an ISP to catch the cracker either (unfortunately). The only real solution is to make sure he doesn't get in at all.
scott