To prove my point, I just hacked www.cwru.edu and installed a really nasty
exe-redirected, polymorphic ACK-tunnel-style Trojan running invisibly with
system authority. The Trojan connects outbound through the University
firewall to netcat listening on a FreeBSD machine located at Freedom.net,
providing me with a shell login on your system. It does so only in brief
spurts using an algorithm to derive the connection time and destination port
number in a predictable fashion at my end. You'll probably never catch it in
the act. Naturally, I did not deface your web site. You see, I "really want
to screw with you," so I won't make it too obvious that I'm really in
there. Better reformat your hard drive now--the sooner the better. :-)

Eric Robinson
Network Architect
edurus, Inc.
www.edurus.com

-----Original Message-----
From: Jose Nazario [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 25, 2001 9:39 AM
To: Eric Robinson
Cc: [EMAIL PROTECTED]
Subject: RE: f**k USA government f**k poizonbox


On Fri, 25 May 2001, Eric Robinson wrote:

> Members of this list who suggest that you should reformat and
> reinstall after a hacking incident are only partially correct.
> Starting with a clean slate is the only way to be sure you have
> eliminated your problem if you don't already know the exact nature of
> the attack. In this case, we do. :-)

no, you don't.

if i really wanted to screw with you, i'd make all outward signs look like
something else relatively benign (deface the webpage in the same fashion),
but install some backdoors. as long as i was running around racking up
boxes with a known exploit, i may as well have some fun with it as well.

unless you have a host based integrity monitoring system, ie Tripwire,
don't make any assumptions based on what you have observed using a
compromised system.

____________________________
jose nazario                                                 [EMAIL PROTECTED]
                     PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
                                       PGP key ID 0xFD37F4E5 (pgp.mit.edu)
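Jose's point about host-based integrity monitoring, as an added illustration that is not part of either message: a minimal Tripwire-style baseline-and-compare in Python. The baseline must be taken while the host is known-good and stored off the host (read-only media or a remote machine), otherwise an intruder can simply rewrite it; the directory layout and file names used below are constructed for the example.

```python
"""Minimal Tripwire-style file integrity check (added illustration, not from the thread).

Build a baseline of hashes and metadata while the host is known-good, keep it
off-host, and later compare a fresh scan against it. 'root' is whatever
directory tree you are monitoring; paths in the test are constructed.
"""
import hashlib
import os
import stat
from typing import Dict, List, Tuple

Record = Tuple[str, int, int]  # (sha256 hex digest, size in bytes, mode bits)


def _fingerprint(path: str) -> Record:
    """Hash the file content and capture size and permission bits."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    st = os.lstat(path)
    return h.hexdigest(), st.st_size, stat.S_IMODE(st.st_mode)


def build_baseline(root: str) -> Dict[str, Record]:
    """Walk the tree and record a fingerprint for every regular file."""
    baseline: Dict[str, Record] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # symlinks and special files are out of scope here
            baseline[os.path.relpath(full, root)] = _fingerprint(full)
    return baseline


def compare(baseline: Dict[str, Record], current: Dict[str, Record]) -> Dict[str, List[str]]:
    """Report files added, removed, or changed since the baseline.

    'changed' covers content, size or permission differences, so a binary
    replaced by a same-size trojaned copy still shows up through its hash.
    """
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(p for p in baseline.keys() & current.keys()
                     if baseline[p] != current[p])
    return {"added": added, "removed": removed, "changed": changed}
```

Run the comparison from a trusted boot medium rather than from the suspect host's own binaries, since a compromised kernel or libc can lie about file contents.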


-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]