-
December 29th, 2003, 04:09 PM
#1
Senior Member
discussing third party's security
uh, heavy to find a good subject for this thread...
however...i will try carefully speaking about.
lets say,
you found a IP in your logfiles to many times,
portscanning your host, trying passwords and so on.
what would you do ?
yes, you would say:
"Let us have a look on it !"
"What ports are open there?"
let's say,
you scanned the host and the only thing you found compromisable
is a anonymous ftp server.
you would login to see whats goin on there, won't you?
but, and thats my question,
what would YOU do if you'd found a way related on the stored files there
to gain administrative rights on that host ?
would you tell the admin there how to compromise his machine ?
may be the machine is beeing used for bad things by UNKNOWN,
the admin could say that YOU have done all that **** there...!?
please tell me what you think about.
and, please please do not answer me like:
"send him your logs" (to show him his machine is goin deep into abuse)
or something equal 'cos i wasn't never in such a situation
and i never ever wasn't there to try getin in.
thanks to you by treating it like never happened ...
stanger
-
December 29th, 2003, 04:22 PM
#2
Re: discussing third party's security
Originally posted here by stanger
uh, heavy to find a good subject for this thread...
however...i will try carefully speaking about.
lets say,
you found a IP in your logfiles to many times,
portscanning your host, trying passwords and so on.
what would you do ?
Send an email to the abuse desk at the provider hosting that ip.
yes, you would say:
"Let us have a look on it !"
"What ports are open there?"
let's say,
you scanned the host and the only thing you found compromisable
is a anonymous ftp server.
you would login to see whats goin on there, won't you?
but, and thats my question,
what would YOU do if you'd found a way related on the stored files there
to gain administrative rights on that host ?
would you tell the admin there how to compromise his machine ?
may be the machine is beeing used for bad things by UNKNOWN,
the admin could say that YOU have done all that **** there...!?
You'll be walking on thin ice here. You DO run the risk of backfire.
Just tell them what you saw in YOUR logs and have them figure out what happened.
Oliver's Law:
Experience is something you don't get until just after you need it.
-
December 29th, 2003, 04:37 PM
#3
I'd email the the abuse contact as mentioned & tell them that you have had a number of attack attempts from that machine & then block the ip address at the firewall.
Steve
IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com
-
December 29th, 2003, 05:24 PM
#4
Senior Member
oh,dear, read again.
It's just a scenario.
I don't want your DEFAULT answers on such a question.
I know about the thin ice, but it is not my problem....
> I heard about a computer magazine founding a vulnerable host and
attempting to help the admin and emailed him,
they were pushed to court .
the admin said that the journalists there did all that exploiting and they
were goin into big trouble 'cos the clock of the host was not right.
I wanna know what you think about help each other.
or let him die stupid.
-
December 29th, 2003, 05:52 PM
#5
IMHO I'd pretty much do the same. I'd send them the logs and offer to my help to secure it. If it backfires, the admin wouldn't really have much proof I think to get you in any kind of serious trouble expect an exchange of words. I would def. feel bad if I treated it like it never happened because i would like someone to tell me if it happened to me.
cheers
-
December 30th, 2003, 11:34 AM
#6
Originally posted here by stanger
oh,dear, read again.
It's just a scenario.
I don't want your DEFAULT answers on such a question.
The default answer is the only reasenable answer you're going to get. It's also your only safe option.
You're basicly counter-attacking the offending host. This will inevitably backfire on you.
Even if you were a nobel person and patched the offending host so it isn't vulnerable anymore, you are still committing a crime (in some countries) by breaking into that host.
Do NOT email the admin to tell them you can break into their system and you can fix this for $xxxx. This is called blackmail.
The only way to help them is to report them to their ISP. The ISP can make them patch their system or they lose their Internet connection. If they don't know how to do it they should hire someone that can.
Oliver's Law:
Experience is something you don't get until just after you need it.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|