[geeks] Oops...
Kurt Huhn
kurt at k-huhn.com
Sat Jan 12 09:09:08 CST 2002
I'm having trouble understanding why someone would let on that they're being
hacked, and then attempt to solicit help in tracking down the hackers.
In my experience, one never lets on that they're undertaking activities like
this - and surely doesn't allow it to get out that some particular box is a
honeypot. Don't you think? It really sounds somewhat, amatureish. I'm not
certain that these guys have a whole lot of experience in tracking down
hackers.
Why, even if that were true, would someone open up an anonymous ftp server
with a metric assload of attractive files? What would that gain them? A
list of legitimate users, who happened to find the FTP server, and download
some files? That server was *chock* full of goodies. Whether any of them
were actual file bombs I don't know. But file bombs are *not* a method for
tracking hackers - they're a method for getting even with people that you
suspect might have something to do with your problem. Frankly, if that's
true, they'll need to prepare for even more shit to hit the fan when people
find out what has happened to their systems...
As I said before, amatures....
Kurt
> Well, I can't think of anything that this would help them with. When being
> probed its better to stay quiet and let the joker do his work (with lots
of
> logging).
>
> ~ runs Frys.com. He confirmed that that was a honey pot, with a
> ~ lot of files
> ~ that would overwrite other critical files one Windows, Mac, AND Unix
> ~ systems. He mentioned a "file bomb," that would over write
> ~ /etc/password. (*rolls eyes,* like any one would actully run
> ~ an unknown
> ~ file as root?) But he still wanted help tracking down another
> ~ domain that
> ~ apparently had been trying to hack into the site. And that is
> ~ apparently
> ~ in Oregon. Unluckily for him, I don't have any of those
> ~ emails any more
> ~ so... SOL.
> ~
More information about the geeks
mailing list