I know why I have never been (knowingly) cracked

***hypronix*** · April 6th, 2004, 07:57 AM

What nessus.. what, you guys haven't heard of SubSeven?

And you think you're any good :P

Anyway you should not complain. I mean things might change soon etc

**bluthund** · April 6th, 2004, 09:04 AM

Hi Tiger Shark,
I'm doing the ol' CCNA classes at school and read about ACL's a bit.
Question is, are your ACL's configured on a router or the box, and are you
logging from the box (ie. host based or network based logging). I don't know much, so take this with a grain of salt.

g8way2u

***Tiger Shark*** · April 6th, 2004, 10:11 AM

Bluthund: Nope... My logging works just fine and my tests prove it. I have Snort running independently and added a simple rule:

alert any any -> $HOME_NET 21 (msg: "Incoming FTP"; Flags: S; classtype: bad-unknown;)

It runs on a box outside the firewall with the server being in the DMZ so it sees all incoming packets. Then the firewall logs all incoming allowed and denied packets for port 21 too and nothing pops up on that either except when I test. I haven't looked for about 16 more hours now so maybe I got something.... I'll have to dig through a lot of logs now though since I spent a long time scanning that server for vulnerabilities last night and a lot of the scanning was against port 21.

[Edit]

Yeah... finally... probably one of you lot trying to make me feel "wanted" ;) scanned my entire public subnet for port 21 at 2:06 am using a computer in Cologne, Germany. No connection attempt has been made..... In the nearly 4 days it has been out there I would have expected to have seen someone trying a couple of commands here and there.... I'm going to be fully implementing it later this week and then, when I don't want all the dross to wade through, I'll probably get a ton of it..... <sigh>

[/Edit]

***mark_boyle2002*** · April 6th, 2004, 01:08 PM

I will see both of your attempts and raise you a finger,traceroute, portscan, DDOS attack, sploit scan, e-mail trojan offering free pron, and a power cut !!

***ZomBieMann77*** · April 6th, 2004, 01:10 PM

Okay mark you win

***chsh*** · April 6th, 2004, 03:48 PM

I'll see all comers, but I'll raise you a B&E, and busting the machine apart with a 10lb sledge. :P

That's odd Tiger Shark, but it may have something to do with the segment of the 'net you are on. I found that commercial AT&T access generally had fewer people prodding it than my cable 'net access did. I was doing some mean time to root testing on a box unsafe on AT&T's service, and default IIS + FTP was rooted and someone was uploading files in about three hours (rooted around 1PM, box was put up online at 10AM same day).

Might also have something to do with it being/coming up on exam time, ya never know. :P

***Tiger Shark*** · April 6th, 2004, 04:03 PM

chsh:

Might also have something to do with it being/coming up on exam time, ya never know. :P

Love it..... Gave me a good chuckle..... but then you might be right.....

**Lv4** · April 6th, 2004, 06:25 PM

Originally posted here by HTRegz
I'll see your portscan and pings and raise you a complete vuln scan with nessus, and maybe a lil retina or Core Impact action as well....

Peace,
HT

So what do you think about that Core Impact software? They have been bugging the bujeebus out of me for the past couple of months. I don't know anyone that has actually used their product/services before so I have just been putting them off.

Oh, and one of my corporate FTP servers that has been sitting out there "swinging in the breeze" for about a year now just started picking up unauthorized attempts on it. yay, it's made my past few weeks much more interesting and fun

Thread: I know why I have never been (knowingly) cracked

Thread Tools

Display

Posting Permissions