[wplug] Threatening people who try to help (was: Speaking of
cracks? Maybe? How do you...)
Tim Quinlan
tim at techfocus.net
Sat Sep 27 03:04:43 EDT 2003
To: Russ at sugapablo.net
cc: WPLUG members
I agree with Devin's statement that a malicious person will not let you
know, in an open forum, that they have compromised a host which belongs
to a member of said forum. The info that Alexandros posted to the list
is public information. He did not crack your computer to get the info,
he simply queried the services which you left open to the public.
If you think that Alexandros cracked your computer and stole
information, you are incorrect. If you feel that you have been
compromised in some way you have only your self -- or the person who
installed the OS on your computer -- to blame.
To put it in layman's terms, all Alexandros did was look at the front
door of your house. By running all of those services on what appears to
be a poorly secured system, you basically left a very detailed note on
your front door. A note that describes everything that is in the house.
Alexandros did not appear to take anything from the house, he merely
read the list that you posted on your front door. Yes, he did tell the
neighborhood about the items on the list, but any of the neighbors
could've easily walked up to your front door and read the list for
themselves.
After examining Alexandros's findings, I would guess that the note on
your front door has been read by many persons outside of the WPLUG
neighborhood.
My suggestion to you is learn how to secure your machine. If you cannot
or will not, then at least buy a $50 Linksys/D-Link/Netgear broadband
gateway and only forward the necessary ports to your computer.
On Fri, 2003-09-26 at 17:48, Devin Lee Drew wrote:
> Alex, Russ, and all,
>
> Me
> ______
> |Soap|
> | |
> ======
>
> Only thing worth reading here: might be nice to delete that high quality
> bit of open-service assessment work from the list archive.
>
> I remember when I started looking at firewall logs. I wanted to
> blacklist all those 'bad guys' who were knocking at the various (turned
> off, or filtered) ports that they shouldn't be. Portcentry used to get
> me so excited -- oooo it added another badguy to the hosts.deny file!
> I'm saved! I wasted so much time with the kneejerk reaction: tracerouts,
> portscanning the 'perpetrator', sending nastygrams to ISP admins. I
> never threatened anyone with a lawyer though. :P
>
> If someone with malicious intent wants to portscan you, they will do so
> in a way that is exceedingly unlikely to be observable(over noise) or
> traceable. My point is that port scanning doesn't imply malicious
> intent. I'm no lawyer ... but if you are one and you can tell me that
> i'm not allowed to connect to your unfiltered portmapper over the
> internet then I'll stand corrected.
>
> Though it would have be less educational for the rest of us, a large
> mail list probably isn't the best place to share os footprinting info.
> But just my 2c.
>
> ______
> |Soap|
> | | Me
> ======
>
>
> Devin Drew
> and the Knee Jerk to the Knee Jerk Department
>
> _______________________________________________
> wplug mailing list
> wplug at wplug.org
> http://www.wplug.org/mailman/listinfo/wplug
More information about the wplug
mailing list