discussing third party's security
Results 1 to 6 of 6

Thread: discussing third party's security

  1. #1
    Senior Member
    Join Date
    Aug 2003
    Posts
    185

    discussing third party's security

    uh, heavy to find a good subject for this thread...
    however...i will try carefully speaking about.

    lets say,
    you found a IP in your logfiles to many times,
    portscanning your host, trying passwords and so on.

    what would you do ?

    yes, you would say:
    "Let us have a look on it !"

    "What ports are open there?"

    let's say,
    you scanned the host and the only thing you found compromisable
    is a anonymous ftp server.
    you would login to see whats goin on there, won't you?

    but, and thats my question,
    what would YOU do if you'd found a way related on the stored files there
    to gain administrative rights on that host ?
    would you tell the admin there how to compromise his machine ?
    may be the machine is beeing used for bad things by UNKNOWN,
    the admin could say that YOU have done all that **** there...!?

    please tell me what you think about.

    and, please please do not answer me like:
    "send him your logs" (to show him his machine is goin deep into abuse)
    or something equal 'cos i wasn't never in such a situation
    and i never ever wasn't there to try getin in.

    thanks to you by treating it like never happened ...

    stanger

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401

    Re: discussing third party's security

    Originally posted here by stanger
    uh, heavy to find a good subject for this thread...
    however...i will try carefully speaking about.

    lets say,
    you found a IP in your logfiles to many times,
    portscanning your host, trying passwords and so on.

    what would you do ?
    Send an email to the abuse desk at the provider hosting that ip.


    yes, you would say:
    "Let us have a look on it !"

    "What ports are open there?"

    let's say,
    you scanned the host and the only thing you found compromisable
    is a anonymous ftp server.
    you would login to see whats goin on there, won't you?

    but, and thats my question,
    what would YOU do if you'd found a way related on the stored files there
    to gain administrative rights on that host ?
    would you tell the admin there how to compromise his machine ?
    may be the machine is beeing used for bad things by UNKNOWN,
    the admin could say that YOU have done all that **** there...!?
    You'll be walking on thin ice here. You DO run the risk of backfire.
    Just tell them what you saw in YOUR logs and have them figure out what happened.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    rebmeM roineS enilnOitnA steve.milner's Avatar
    Join Date
    Jul 2003
    Posts
    1,018
    I'd email the the abuse contact as mentioned & tell them that you have had a number of attack attempts from that machine & then block the ip address at the firewall.

    Steve
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

  4. #4
    Senior Member
    Join Date
    Aug 2003
    Posts
    185
    oh,dear, read again.
    It's just a scenario.
    I don't want your DEFAULT answers on such a question.

    I know about the thin ice, but it is not my problem....

    > I heard about a computer magazine founding a vulnerable host and
    attempting to help the admin and emailed him,
    they were pushed to court .
    the admin said that the journalists there did all that exploiting and they
    were goin into big trouble 'cos the clock of the host was not right.

    I wanna know what you think about help each other.
    or let him die stupid.
    Industry Kills Music.

  5. #5
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,840
    IMHO I'd pretty much do the same. I'd send them the logs and offer to my help to secure it. If it backfires, the admin wouldn't really have much proof I think to get you in any kind of serious trouble expect an exchange of words. I would def. feel bad if I treated it like it never happened because i would like someone to tell me if it happened to me.

    cheers

  6. #6
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Originally posted here by stanger
    oh,dear, read again.
    It's just a scenario.
    I don't want your DEFAULT answers on such a question.
    The default answer is the only reasenable answer you're going to get. It's also your only safe option.

    You're basicly counter-attacking the offending host. This will inevitably backfire on you.
    Even if you were a nobel person and patched the offending host so it isn't vulnerable anymore, you are still committing a crime (in some countries) by breaking into that host.

    Do NOT email the admin to tell them you can break into their system and you can fix this for $xxxx. This is called blackmail.

    The only way to help them is to report them to their ISP. The ISP can make them patch their system or they lose their Internet connection. If they don't know how to do it they should hire someone that can.

    Oliver's Law:
    Experience is something you don't get until just after you need it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •