|
Incidents
FW: [Intrusions] Linux SSH scanning - test/guest Jul 30 2004 11:22AM M Shirk (shirkdog_linux hotmail com) (1 replies) Re: FW: [Intrusions] Linux SSH scanning - test/guest Sep 08 2004 12:51AM Sebastian Jaenicke (sjaenick TechFak Uni-Bielefeld DE) (1 replies) Re: FW: [Intrusions] Linux SSH scanning - test/guest Sep 12 2004 02:50PM Sebastian Jaenicke (sjaenick TechFak Uni-Bielefeld DE) (1 replies) |
|
|
Privacy Statement |
> On Wed, Sep 08, 2004 at 02:51:52AM +0200, Sebastian Jaenicke wrote:
>> I just setup an account "guest" with password "guest" and a shell modified
>> to log commands via syslog[0].
>
> Addendum: Later, the attacker returned and installed an IRC bouncer;
> I couldn't resist, joined IRC and talked to him (from another host).
>
> Complete list of commands, files and IRC log here:
>
> http://www.jaenicke.org/sk/
Great. :-)
Did the same and watched the same guy. Except that my shell did
not allow him/her to install anything. Just uploading. Was quite
a fun to observe him and other guys trying to get things running.
It's amazing how much patience they show in trying to exploit a
system even if things clearly won't work. Well, one of the guy
uploaded sparc binaries on my linux node and tried to execute it.
:-)
I'm still in the process to gather all data for documentation.
Cheers,
Chris Kronberg.
[ reply ]