why doncha see if we can find out what sat that is. betcha there are many that would love to claim the prize to compromising the first "publicly known" orbital ftp box.
or - talk about collocating. I would LOVE to be able to say - "earthquake proof!! heck - all my servers are protected by 1500 miles of atmosphere - and have the best possible physical security you can find. (problem is I wasn't allowed to run linux - so rebooting them after blue screen's a bitch:)
another good point - but they are not there for you to satisfy your curiosity - they are to run our business (and quake servers:P ) so I dont care why you scan or whatever - you get blocked.
basically - they are only for what service they were built for - not a training mech.
good point. but we also have 24/7 eyes on our servers - and would be able to rectify the problem in minutes. especially cuz the hosts are multi homed and have alternative ways to access - just in case their is an event that kills the "internet" connection.
that way - even if it isnt an "attack" that knocks it off line - we can still get into it to make sure it is happy.
Better yet (although that would be good) can we get some forums started for registered/.ers only.
Since/. has one very informed userbase when it comes to security, programming etc... I would really like to see/. forums that allow for fellow/.ers to answer my questions.
or do you already have this and I am just missing them?
anyway - provide another method for us to tap the knowledge base that are/. readers. Maybe even have challenge of the day/week that gives a prize to the reader who can answer the question.
we have many systems in house and collocated that get scanned and attacked regularly. we use syslog to pipe ALL logs back to a central server. this server then runs LOGCHECK against the logs, and emails and prints all signatures found.
Logs are reviewed as the come in via email - and daily the printed logs are reviewed by several ppl to ensure that "many eyes" look for anomolies. This way - we never miss anything that looks strange.
We ran this system with no filters for about a month and a half to determine what items would be ok to ignore (standard system events, cipe key syncs etc)
In addition we run port sentry, and lids. port sentry will permanently block any IP that scans us (we get scanned at least 3 times a week) and lids is setup to make all log files (and others) to be APPEND ONLY - even by root.
Unless our systems get compromised AND the hacker can unlock lids - he really doesnt even have root access.
Last - any scan that comes in gets investigated. 1. permently block that IP 2. trace the IP (ping,nslookup,whois etc) 3. contact that site/isp/etc. via email with the log excerpts that show the attack. 4. archive for eventual turn in to FBI
here is something that you will really find interesting: this is the response from one scan that came through:
We sincerely regret any inconvenience/consternation the probing from 216.181.81.11 may have caused you and/or your organization. The machines that have had the name excaliber.barnhard.net have been the subject of a number of attacks which have been investigated by the FBI and in some case may still be under investigation. Based on the prior investigations we agreed to make a reasonable effort to collect data concerning any subsequent attacks, and in particular any attacks which may have some relationship to prior events. Whereas it is possible that three different random hackers have figured out independently that the machines bearing that name are used for testing/training on our network and have used an exploit suitable for whatever variant of Linux happened to be installed at the time. I think as the number of times it gets hit increases it is increasingly unlikely. Regardless, the boys/girls responsible for this are likely unaware that once an attack is confirmed we activate an upstream monitoring process that records all of the incoming packets, which we will forward to the FBI. Our poor abused testing machine then gets backed up to tape, wiped, and then reincarnated when needed again. It is interesting, but it is also getting old fast. As such, we have made the decision that our future test machines will be locked down boxes like our production equipment. If anyone is interested in the construction of suitable blackhole boxes that could assist the FBI in tracing these folks, instead of having to leave hacked machines live I think it would be a good thing. I am sure they would be interested. If we could lay a cracker trap that would only cost a modest amount of bandwidth and CPU cycles that could gather the necessary evidence on the cracker without enabling them to carry out real attacks, I know I would be interested.
Once again, thanks for letting us know you were scanned, We sorry to have darkened your doorstep in these regards. The machine has been taken down and subsequently replaced.
If you have any questions related to this matter I can be contacted at the address/email/phone shown below. Our contact with the FBI is Special Agent Kevin M. Walsh who can be reached at kwalsh@leo.gov.
I am in no way implying that we should return to those days - I AM saying that for all that we have "accomplished", look how bad everything is.
Yes - the.gov is bad and if you fix em - the corps wil have to fall in line - you are correct.
I am just expressing my frustration for the useless creations and lifestyle of the modern world (myself included - I in no way feel that I have contributed greater than anyone else - although I have built a lot of really cool networks, in the grand scheme of things it means nothing.)
Why would you think that Monsanto would give a damn about a humanitarian effort to place farms in an area where it was previously difficult to grow crops.
a) they can get the land for practically free b) no-one will be around to see what "innovative" new veggies they attempt to test there. c) pay off the local.gov and you have a rather isolated test lab with $0 pay labor
Take a look at what has been going on in this world - how many ppl have you heard of latley getting cancer. This is absolutley crazy - yes there may have always been cancer - but I don't think it has ever been so wide spread.
Basically we are looking at the death humanity - from the garbage that we eat and the garbage that we produce.
how often do you go through a day without eating food that is almost an impossibility (mcdonalds.89c for a burger. what the hell part of the cow is that crap made out of - and how could it possibly be.89c etc..) The shit we are being fed these days is killing us - but so long as the package it all nice and pretty we dont care, we just put that saw dust in our belly and go on our happy little way.
we have no leadership in this world - challenge you to name one goal that humanity in general is aiming for. one thing that ppl can work towards and know that we are truely sentient beings with a purpose. NOTHING - megacorp market creation keeps us sedated on a phat diet of processed labrotory products engineered to keep our mind off the fact that our lives are absolutley pointless.
the article also stated that apple is(has) creating(ed) a wireless keyboard as well. doesn't say if it's IR or other.../. Challenge: create a small bug that can intercept the stream between the wireless keyboard and the machine - and transmit the keystrokes to a receiver. two cases of coke to the first to accomplish.
anyone interested in developing MMORPG games to run on linux clusters?
Details Deatils - your first post should have been a description of what you built, how you built it, what it will do and how can you make it easier for me when I build mine.
is all your work going to be open source. will you release your customizations to us.
great explaination - but I dont think that this kid is quite to the level to understand what you just said.... he appears to not know the diff. between routers and switches.
Slashdot Mirror
um, happen to have that IP...
:)
why doncha see if we can find out what sat that is. betcha there are many that would love to claim the prize to compromising the first "publicly known" orbital ftp box.
or - talk about collocating. I would LOVE to be able to say - "earthquake proof!! heck - all my servers are protected by 1500 miles of atmosphere - and have the best possible physical security you can find. (problem is I wasn't allowed to run linux - so rebooting them after blue screen's a bitch
they have those - called DUPLO (R)
but they are for kids.
they should make conductive legos so we can build lego circuits out of them.
imagine the first ever lego box running linux.
another good point - but they are not there for you to satisfy your curiosity - they are to run our business (and quake servers :P ) so I dont care why you scan or whatever - you get blocked.
basically - they are only for what service they were built for - not a training mech.
good point. but we also have 24/7 eyes on our servers - and would be able to rectify the problem in minutes. especially cuz the hosts are multi homed and have alternative ways to access - just in case their is an event that kills the "internet" connection.
that way - even if it isnt an "attack" that knocks it off line - we can still get into it to make sure it is happy.
Better yet (although that would be good) can we get some forums started for registered /.ers only.
/. has one very informed userbase when it comes to security, programming etc... I would really like to see /. forums that allow for fellow /.ers to answer my questions.
/. readers. Maybe even have challenge of the day/week that gives a prize to the reader who can answer the question.
Since
or do you already have this and I am just missing them?
anyway - provide another method for us to tap the knowledge base that are
here is the way I do it:
we have many systems in house and collocated that get scanned and attacked regularly. we use syslog to pipe ALL logs back to a central server. this server then runs LOGCHECK against the logs, and emails and prints all signatures found.
Logs are reviewed as the come in via email - and daily the printed logs are reviewed by several ppl to ensure that "many eyes" look for anomolies.
This way - we never miss anything that looks strange.
We ran this system with no filters for about a month and a half to determine what items would be ok to ignore (standard system events, cipe key syncs etc)
In addition we run port sentry, and lids. port sentry will permanently block any IP that scans us (we get scanned at least 3 times a week) and lids is setup to make all log files (and others) to be APPEND ONLY - even by root.
Unless our systems get compromised AND the hacker can unlock lids - he really doesnt even have root access.
Last - any scan that comes in gets investigated.
1. permently block that IP
2. trace the IP (ping,nslookup,whois etc)
3. contact that site/isp/etc. via email with the log excerpts that show the attack.
4. archive for eventual turn in to FBI
here is something that you will really find interesting: this is the response from one scan that came through:
We sincerely regret any inconvenience/consternation the probing from 216.181.81.11 may have caused you and/or your organization. The machines that have had the name excaliber.barnhard.net have been the subject of a number of attacks which have been investigated by the FBI and in some case may still be under investigation. Based on the prior investigations we agreed to make a reasonable effort to collect data concerning any subsequent attacks, and in particular any attacks which may have some relationship to prior events. Whereas it is possible that three different random hackers have figured out independently that the machines bearing that name are used for testing/training on our network and have used an exploit suitable for whatever variant of Linux happened to be installed at the time. I think as the number of times it gets hit increases it is increasingly unlikely. Regardless, the boys/girls responsible for this are likely unaware that once an attack is confirmed we activate an upstream monitoring process that records all of the incoming packets, which we will forward to the FBI. Our poor abused testing machine then gets backed up to tape, wiped, and then reincarnated when needed again. It is interesting, but it is also getting old fast. As such, we have made the decision that our future test machines will be locked down boxes like our production equipment. If anyone is interested in the construction of suitable blackhole boxes that could assist the FBI in tracing these folks, instead of having to leave hacked machines live I think it would be a good thing. I am sure they would be interested. If we could lay a cracker trap that would only cost a modest amount of bandwidth and CPU cycles that could gather the necessary evidence on the cracker without enabling them to carry out real attacks, I know I would be interested.
Once again, thanks for letting us know you were scanned, We sorry to have darkened your doorstep in these regards. The machine has been taken down and subsequently replaced.
If you have any questions related to this matter I can be contacted at the address/email/phone shown below. Our contact with the FBI is Special Agent Kevin M. Walsh who can be reached at kwalsh@leo.gov.
I am in no way implying that we should return to those days - I AM saying that for all that we have "accomplished", look how bad everything is.
.gov is bad and if you fix em - the corps wil have to fall in line - you are correct.
Yes - the
I am just expressing my frustration for the useless creations and lifestyle of the modern world (myself included - I in no way feel that I have contributed greater than anyone else - although I have built a lot of really cool networks, in the grand scheme of things it means nothing.)
Why would you think that Monsanto would give a damn about a humanitarian effort to place farms in an area where it was previously difficult to grow crops.
.gov and you have a rather isolated test lab with $0 pay labor
.89c for a burger. what the hell part of the cow is that crap made out of - and how could it possibly be .89c etc..) The shit we are being fed these days is killing us - but so long as the package it all nice and pretty we dont care, we just put that saw dust in our belly and go on our happy little way.
a) they can get the land for practically free
b) no-one will be around to see what "innovative" new veggies they attempt to test there.
c) pay off the local
Take a look at what has been going on in this world - how many ppl have you heard of latley getting cancer. This is absolutley crazy - yes there may have always been cancer - but I don't think it has ever been so wide spread.
Basically we are looking at the death humanity - from the garbage that we eat and the garbage that we produce.
how often do you go through a day without eating food that is almost an impossibility (mcdonalds
we have no leadership in this world - challenge you to name one goal that humanity in general is aiming for. one thing that ppl can work towards and know that we are truely sentient beings with a purpose. NOTHING - megacorp market creation keeps us sedated on a phat diet of processed labrotory products engineered to keep our mind off the fact that our lives are absolutley pointless.
WHAT THE HELL HAVE YOU DONE TODAY!!
the article also stated that apple is(has) creating(ed) a wireless keyboard as well. doesn't say if it's IR or other... /. Challenge: create a small bug that can intercept the stream between the wireless keyboard and the machine - and transmit the keystrokes to a receiver. two cases of coke to the first to accomplish.
anyone interested in developing MMORPG games to run on linux clusters?
Details Deatils - your first post should have been a description of what you built, how you built it, what it will do and how can you make it easier for me when I build mine.
is all your work going to be open source. will you release your customizations to us.
I'll take my answer off the air?
great explaination - but I dont think that this kid is quite to the level to understand what you just said.... he appears to not know the diff. between routers and switches.
I thought they were like um,... an '80s band?
so - why not just delete all metallica MP3 files! not like their worth anything....
better yet, everybody save the MP3's they have of metallica onto FLOPPIES and send them to the band.