I do NOT advocate cracking BUT we should appreciate the fact that Sibayan
was honest with sharing his knowledge/experience. I am sure he never had any
evil intentions and if he had any, he would never have come out in this
forum sharing his knowlege. With root access to VSNL's server and wrong
intentions, he could have done much harm which I am sure he never did.
Having knowlege is one thing and misusing that knowlege is another. I
beleive that good system administrators should know more about cracking so
that they can take care of all such security issues on their servers.
Yes, Suresh may be right that this might not be the proper forum to discuss
cracking where we basically discuss installation and other problems related
to Linux.
A good Policeman HAS to know different tricks/methods used by thieves to
effectively stop them ;-)
So let us not be so harsh to Sibayan this time.
Excuse me Suresh if you think that I am wrong.
----- Original Message -----
From: Suresh Ramasubramanian <[EMAIL PROTECTED]>
To: Linux India Help <[EMAIL PROTECTED]>
Cc: Sibayan Das. <[EMAIL PROTECTED]>; Thaths <[EMAIL PROTECTED]>
Sent: Sunday, March 12, 2000 19:16
Subject: [LIH] Re :[OT] Hackers
>
> Sibayan Das saw fit to inform LIH that:
>
> > Last year arround Oct-Nov one fine mornin' I was playin' with Telnet. I
was
> > experimentin' on cal2 server of VSNL. As it is it was hackneyed. Then I
> > tried FTP on cal2, which I never did. I got root access. I came out
without
>
> You want me to forward this to VSNL Calcutta? In fact, I will.
>
> > any exploytation. Then after I did the same thing for 'bout 10 times for
2-3
> > months. After that one day I along with my friends got a System
Privilage
> > saying VSNL is closin' all its shell accounts with telnet access. I
don't
>
> Primarily because of morons like you cracking their servers. Also
> because we at CAUCE India complained to VSNL Calcutta that their servers
>
> 1. Were open relays (see http://www.orbs.org/otherresources.html for
> more info on WHAT an open relay is)
>
> 2. Were full of security (including root access) holes, and lots of
> people were downloading and cracking their /etc/passwd file, and
> spamming all the users listed in the file.
>
> VSNL, in their infinite wisdom, shut down port 23 (telnet) when our
> complaints were about insecure port 25 (smtp). Anyway, it's pretty good
> they did it - if they don't have enough of a clue to secure their
> servers (simple thing would be to upgrade and patch their antique
> boxes), they can at least prevent stupid script kiddies like you from
> accessing unix accounts and trying out age old, commonly available hacks
> (and thinking they are gr8 31337 h4x0r d00dz).
>
> If cracking is your idea of "linux", I'd strongly advise you to
> unsubscribe from the list ~before~ you are booted.
>
> > know whether it was corelated but the fact is VSNL didn't check its Log
for
> > for at least 3 months. I've NT & *nix Pass Crackin' utilities, with the
>
> Script kiddie for sure - real crackers wouldn't need any "utilities" to
> break in to vsnl.
>
> > help of that I can get the passes. I was ashamed thinkin' our leadin'
ISP's
> > system config was so poor. I did the same thin' with many other servers.
>
> Hypocrite. If you could tell me which other servers, I'll take the
> trouble to mail their admins. For now, am mailing Thaths - with the
> request that he boot your miserable ass from the list. Thaths - please
> take action - we can't have LI being populated by crackers.
>
> > So if you discuss anythin' 'bout crackin', I'm always here for gatherin'
> > knowledge. Any body can use this for security reason.
>
> That's what they ALL say.
>
> --
> Suresh Ramasubramanian | President, CAUCE India
> [EMAIL PROTECTED] | [EMAIL PROTECTED]
> http://www.india.cauce.org | Stopping Spam In India
> --
> The debate rages on: Is PL/I Bachtrian or Dromedary?
>
> -----------------------------------------------------------------------
> For information on this and other Linux India mailing lists check out
> http://lists.linux-india.org/
-----------------------------------------------------------------------
For information on this and other Linux India mailing lists check out
http://lists.linux-india.org/
