Slashdot Mirror

← Back to Stories (view on slashdot.org)

Dealing with Intruders?

Posted by Cliff on from the outside-assistance-for-security-issues dept.

drakyri asks: "I've been running a server for a small company for a few months. Recently, the number of attempted intrusions has jumped from about one every week to several per day - and these are only the really obvious attempts, like idiots who try to log in as root from the outside. The problem is that I'm not sure what to do about this. I've got their IP addresses and can usually tracert their ISP's - is there an accepted type of letter to send them without seeming like one of the corporate cease-and-desist gnomes?"

34 of 656 comments (clear)

  1. just forget it by Anonymous Coward · · Score: 1, Funny

    ignorance is bliss!

  2. DMCA by Amiga+Lover · · Score: 4, Funny

    Use the DMCA to... I don't know, scare them or something. Mention RIAA and MPAA to their ISPs too.

    1. Re:DMCA by Anonymous Coward · · Score: 4, Funny

      Tisk tisk, using the DMCA for something usefull is unpatriotic.

  3. Skript kiddiez by robogun · · Score: 4, Funny

    I haven't seen any similar increase in activity. Does your firm have enemies? For instance, does your first name rhyme with Carl?

  4. I tried to log in as root.. by Anonymous Coward · · Score: 5, Funny

    on my University's network more than once. I ran Linux and I got into the habit of logging in as root, and sometimes I'd try to log in without thinking just after starting a telnet session. I didn't receive any notice from the U, but in this post-9/11 hellmouth, I'm sure I'd have been reported to the FBI as a potential terrorist.

    1. Re:I tried to log in as root.. by Lord+Kano · · Score: 5, Funny

      Only if you are of arabic race or have an arabic name.

      Arabic isn't a race. Arabs, technically, are caucasians. They're just curly haired, tanned white people. Not entirely unlike Italians.

      LK

      --
      "Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
    2. Re:I tried to log in as root.. by LearnToSpell · · Score: 2, Funny

      Most of these people weren't alive before ssh.

      --
      Haida Manga
    3. Re:I tried to log in as root.. by thisissilly · · Score: 2, Funny
      So how did you remotely administer Unix boxes prior to ssh?

      Log in as a normal user, and su, of course.

  5. Letter by Pinkfud · · Score: 2, Funny

    Write in sloppy block letters: Ve know who you are. Do it vun more time und ve get NASTY!

    --
    The world is my oyster. That's why it's always in a stew.
  6. Not a cease-n-desist gnome... by AngstAndGuitar · · Score: 5, Funny

    You might consider sending a handwiten letter and use your own name, that would seem a bit more human. Also, most large companies will send polite-but-firm letters, so just threaten bodily harm to them and their pets, that should sound pretty un-corporate. I suppose only the first sugesstion is really a good one, but I like the second one more, so I'm not going to remove it from my comment.

    --
    Less look fast, more go fast.
    1. Re:Not a cease-n-desist gnome... by raam · · Score: 2, Funny


      Dear Blankety-blank:

      Hi. I'm real, real sorry to take your time. I mean, if you don't have time, I understand, and, after all, I don't want to sound like a corporate gnome ]:-) :))). I know you're a real nice hacker, not one of those Russion mob nut-jobs...ah, oops, didn't mean to call names! Anyway, I was just wondering if, if it's not too much trouble, if you could not hack me. I understand that you are a person and have needs, but, and if this bothers you and I sound like a gnome, just let me know(! :) :O :>>), I was wondering if you would help a brother out. Thanks, and if this offends you in any way, please send it back to me and, as you can, guess, I will certainly roll it up and put where any spineless dork might. Thank you so much. Thank you, thank you. You are too kind. Thank you.

      Sincerely,

      D.U. Fus, the Administrator
      Tepid Water Suppositories, inc.

  7. Do what Mr Burns does... by Anonymous Coward · · Score: 5, Funny

    Nothing beats the personal touch of hired goons...

  8. I swear I won't do it again! by teamhasnoi · · Score: 2, Funny

    Just don't tell my mom! She'll take away my Compaq, or make me install SP2!

  9. And the problem is... by Anonymous Coward · · Score: 2, Funny

    ...the attempted intrusion detection package.

    It's wasting your time.
    It makes you worry.
    It makes you ask silly questions on slashdot.

    The solution is to trash it, you don't need it, Linux is unbreakable anyway.

  10. Call their parents by Monkelectric · · Score: 5, Funny

    True story: About 8 years some friends and I were getting o3ned DAILY by a hacker. One of these friends had a buddy in IBM's security division, who somehow got us a name and phone # of our hacker. We felt like asses when we found out we were getting beat down by a 15 years old. But we called his dad, explained what was going on, and that we knew where he lived. Problem SOLVED :)

    --

    Religion is a gateway psychosis. -- Dave Foley

  11. I'm sorry... by schnits0r · · Score: 2, Funny

    I didn't know that I was that big of a problem to your company, I shall stop. Sorry for any inconveinience.

    --


    -------
    Support Indy Music. Buy
  12. Hack them back! by Numen · · Score: 4, Funny

    Whatever they're doing to you have a go back at them... chances are their system isn't as secure as yours.

    At the very least it's more fun than writting an e-mail!

  13. normal for this time of year by phek · · Score: 5, Funny

    It's really normal to notice a huge increase in attacks this time of year. With the passing of defcon and black hat this month, a lot of new security vunerabilities have been released, and all of the 'script kiddies' are eager to try them out. The best thing to do is make sure all your software is up to date, and get familiar with the new vunerabilities that are out so you can protect yourself.

    As far as reporting them, you could try all day and not be able to report all of them, and even if you did, they're most likely attacking from someone else's vunerable machine. The only thing you can really do is watch out for anyone who's aggressivly attacking you (i.e. one person who's running lots of attacks on you trying desperately to break into your machine at any cost), and report those ones, or if you can find a way to contact that person, tell them to stop before you report them to their isp and/or authorities, this will usually scare most people off.

    Once you do start paying some decent attention to security releases, a lot of these stupid things people try won't surprise you, like the ssh root attempt is because some tool came out recently that just scans netblocks for anyone running ssh and try's logging in as two different users with no password, root being one of them. If your not familiar with where to find security releases, here's some good places to start:

    packetstorm security
    Security Focus

  14. Tactical nuke by kinema · · Score: 2, Funny

    I'm surprised nobody has suggested this before but I would recommend a tactical nuclear strike against the intruder. I've found that this simple step typically quells the attack.

    1. Re:Tactical nuke by DiscoDave_25 · · Score: 2, Funny

      George... Is that you?

  15. Re:I had someone trying to brute force ssh.. by Jedi+Alec · · Score: 2, Funny

    heh, sysadmins gotta stick together these days. maybe some sort of world-wide affiliation is required, "Sysadmins against kiddies"...hmm, no, that came out kinda wrong

    --

    People replying to my sig annoy me. That's why I change it all the time.
  16. Re:Somewhat offtopic, but how do people deal with by Inda · · Score: 2, Funny

    Post the name and address here as AC.

    --
    This post contains benzene, nitrosamines, formaldehyde and hydrogen cyanide.
  17. Re:Create a honeypot by Anonymous Coward · · Score: 2, Funny

    Bah, pissing them off is fun. I did that quite a bit in the 90's when I ran an ISP. certian accounts that I nevr logged in as I changed the /bin/sh in the passwd file to /bin/biteme and had a nice 10 line c program that simply flooded the screen with profanity ended with, "go away loser" and then exited logging them off cince there is no shell. It took no input so no buffer overflows are possible.

    I was entertained by the more "pissed" hackers that ran into that. espically the ones with so little self control they would email me insults at administrator@myisp (A true sign of a poser-cracker, a real cracker is not stupid enough to start emailing the target.... a real cracker is silent as a mouse.)

    go ahead and piss them off, the real ones dont get pissed.

  18. Re:Ignoring it == making the problem worse by Anonymous Coward · · Score: 5, Funny

    I swear, just like a women to take a technical problem and solving it by nagging someone's ear off

  19. Re:Somewhat offtopic, but how do people deal with by 241comp · · Score: 2, Funny

    Preferably the job should be outsourced to a 3rd party subcontractor of foreign origin

    Ack! Now even slashdot is promoting offshoring!!! Ugh...

    --
    Full-Featured GPL Web Hosting Control Panel
  20. Re:Ignoring it == raising criminals by Anonymous Coward · · Score: 5, Funny

    You fool! You had a strange woman just walk in and use your bathroom, and you let her get away? Arrrgg!

  21. Re:Abuse@ by caluml · · Score: 3, Funny
    the minute you set foot on British soil

    Northern Ireland, Gibraltar, Hong Kong (not any more), Palestine (not any more), Australia (not any more), Canada (not any more), India (not any more), Malaysia (not any more), Yemen (not any more), Rhodesia (not any more), US (not any more)

    Damn. We're getting smaller. When did that happen?

    --
    Get your own free personal location tracker
  22. Easy, really by KlausBreuer · · Score: 4, Funny

    The online cartoons - once again - show us how the world works. Here you can find the difference between Hollywoods form of dealing with intruders, and The Real Worlds:

    Bigger Than Cheese
    --
    Free PC version of ChipWits at http://www.breueronline.de/klaus/chipwits/
  23. Prevention Program by Anonymous Coward · · Score: 1, Funny

    This is like the kid that walks down the parking lot, checking all the car doors. Private property, which means the company has to call the cops.

    If you want to do something, then you can send a letter to the ISP. Otherwise, you have to make like the Brittons; batten down the hatches and hope the Luftwaffe pass you by.

    I guess you can go hunting, too. Hack the ISP, grab a ballbat, and send a "cease and desist" request yourself. An ounce of assbeating is worth more than a pound of Congressional Legislature.

  24. How we handle these situations in Finland by Anonymous Coward · · Score: 1, Funny

    I once heard a story about a someone who had a (warez) ftp server which someone kept brute forcing. This happened here in Finland, in a small town of about 20000 residents (in which I don't live in, though).

    Being a little pissed off as the attacking continued for some time consuming his precious bandwith, he tracked his IP and with some social engineering he found out the attacker was just some high-school script kiddie, along with the information of where he lived. So he went where the attacker lived and left a note on his home door with something like "stop bruteforcing my server or else...".

    Suddenly, the attacks stopped :)

  25. Take advantage of being r00ted by Anonymous Coward · · Score: 1, Funny

    If they manage to get root on your box, they'll probably do one of several things once you clean up all of the root kit mess.

    If they put an irc bot on your server, you can steal their channels. They're practically giving you, someone they don't know, access to their botnet.

    If they set up a warez ftp, you can have some fun with them by putting trojans into their files. Since they've already saved you the time of putting warez on your computer, be sure to copy anything good first.

    If they're using your machine for DDOS floods, you may be able to hijack their DDOS network, use it against your enemies or competitors, and blame it on some dirty hackers.

    If they steal your database of credit card numbers, it's a sign that you should quit your job and find a new career.

  26. There's no porn at http://example.com... by LordPixie · · Score: 2, Funny

    You apparently misstyped the URL of your porn server. Please resend.


    --LordPixie

  27. Re: "Arabs are white people." by nusratt · · Score: 2, Funny

    "Arabs, technically, are caucasians. They're just curly haired, tanned white people. Not entirely unlike Italians."

    WTF? Italians are white people? ;-)

  28. Re:Companies don't care. by whoppers · · Score: 2, Funny

    As an ex-IRC addict, I learned the ping -t and other commands early on, and that a shell account could really whup up someone on a dialup, which was usually me. One time I did start pinging some dialup guy from a shell, when someone on the shell msg'd me asking what I was doing, I replied "none of your business" he replied "goodbye". Dialup and everything dropped as he was the admin. Oh the days of being young, dumb and full piss and vinegar, glad they're over.