[olug] users.olug.org

Brian Wiese bwiese at cotse.com
Thu Mar 13 06:18:25 UTC 2003


Though this appears rather incriminating at first glance, given the spirit
of this conversation, I cannot believe any malice was intended.  This
looks more like practical connectivity testing to me, something I would
commonly do from any box.  Outlawing nmap is basically like outlawing the
ping, it's a tool to retrieve information (that could be used for good or
bad, or expose insecurities people would hope to remain hidden), valuable
information especially when one is trying to test their own security (see
what ports they have open/accessible from the outside, is the barn door
open?) and see how they appear to others on the Internet, and how they
match up.  I understand where you are coming from though, you are the
admin, just my $0.02.

peace
Brian

On Wed, 12 Mar 2003 13:46:19 -0600
"Brian Roberson" <roberson at olug.org> wrote:

|So, when I get a call from people at news.com about possible devious
|activity, shall I give them your home #?
|
|users:/home/thechunk # grep news.com .bash_history
|lynx www.news.com
|ping www.news.com
|telnet www.news.com 21
|nmap www.news.com
|users:/home/thechunk #
|
|
|I have been super lenient till now on the shell services, please don't ruin
|it for all.
|
|
|
|
|
|----- Original Message -----
|From: "Jonathan Warren" <thechunk at cox.net>
|To: <waltern at iivip.com>; "Omaha Linux User Group" <olug at olug.org>
|Sent: Wednesday, March 12, 2003 9:17 AM
|Subject: Re: [olug] users.olug.org
|
|
|> Yes I understand all this.  I am not condoning illegal access to
|> anything. However this reminds me of a story I've heard.  It goes
|> something like this. It came to the attention of some higher up
|> military types that there were open and available tools to allow for
|> testing the security of a machine. Their reaction was to try and
|> classify it.  They thought they could hide it and continue running
|> insecure boxes.  I just don't see the point in running from something
|> that is very useful.  Again I am not condoning illegal access.  The
|> information provided by nmap is very useful.  Why the fear of it?  Why
|> not leverage it to improve security across the whole network? Anyway
|> just my .02.
|>
|> Again I am not out to get anyone upset with me and won't use it again
|> from that machine if it bothers people.  I just don't understand the
|> fear.
|>
|> -Jon W
|>
|> On Wed, Mar 12, 2003 at 09:03:02AM -0600, Nick Walter wrote:
|> > If I wanted to hypothetically start a mad reign of hacking terror, my
|> > steps would be along the lines of
|> >
|> > 1.)  Using a sniffer or guessing or social engineering, get the
|> > password to someone's shell account (for this example, we'll assume
|> > Jonathan Warren's OLUG shell account).
|> >
|> > 2.)  Use it to start scanning for vulnerabilities on other servers. 
|> > I would probably use nmap for this.
|> >
|> > 3.)  Use publicly available exploits to then exploit and root the
|> > servers.
|> >
|> > 4.)  Do amusing things to the rooted servers.  This includes defacing
|> > websites, installing sniffers, or the ever popular rm -rf /*
|> >
|> > 5.)  Eventually get noticed, and all the activity is traced back to
|> > ... Jonathan Warren!
|> >
|> > I'm not picking on Jonathan btw, just illustrating an all-too-likely
|> > scenario that is the reason why there are rules against port scanning
|> > and so forth with shell accounts.
|> >
|> > Nick Walter
|> >
|> > On Wed, 2003-03-12 at 08:59, Jonathan Warren wrote:
|> > > Really?  Ok I won't do it anymore.  I guess I don't understand why
|> > > it would be illegal.  If you could explain I would appreciate it.
|> > >
|> > > On Tue, Mar 11, 2003 at 11:43:16PM -0600, Brian Roberson wrote:
|> > > > Well..........
|> > > >
|> > > >
|> > > >     All I can say is...... It is for OLUG staff to know and you
|> > > >     to wonder...
|> > > > I should deactivate your account for misconduct, but I will simply
|> > > > give you a public hand slap. Port scanning and other "can be
|> > > > perceived as devious" activity is not allowed on the olug shell
|> > > > server. Please do not make me push the issue any further than this
|> > > > email, port scanning (even if it is your own machine) will not be
|> > > > tolerated.
|> > > >
|> > > >
|> > > >
|> > > >
|> > > >
|> > > >
|> > > > ----- Original Message -----
|> > > > From: "Jonathan Warren" <thechunk at cox.net>
|> > > > To: <olug at olug.org>
|> > > > Sent: Tuesday, March 11, 2003 9:33 PM
|> > > > Subject: Re: [olug] users.olug.org
|> > > >
|> > > >
|> > > > > No I don't.  I scanned it from my work and nothing showed
|> > > > > up.  I can even scan itself and it can't find anything.  I have
|> > > > > done lsof and netstats to no avail.  If I scan news.com or
|> > > > > yahoo.com it says 21 is open there too.  I find it hard to
|> > > > > believe that they would be running telnet servers.  The next
|> > > > > hop in a netstat is some kind of a firewall box.  I am curious
|> > > > > if it is intercepting my port 21 requests and dropping them or
|> > > > > something.  Anyway just curious.  If you want to check me for
|> > > > > an ftp port my address is thechunk.dyn.dhs.org.
|> > > > >
|> > > > >
|> > > > > On Tue, Mar 11, 2003 at 06:10:20PM -0600, ktb wrote:
|> > > > > > On Tue, Mar 11, 2003 at 05:19:09PM -0600, Jonathan Warren
|> > > > > > wrote:
|> > > > > > > I was trying to find what open ports I had on my box.  I
|> > > > > > > downloaded nmap to users.olug.org and built it and installed
|> > > > > > > it into my home directory.  Everything I scan with it reports
|> > > > > > > that port 21 is open.  Any idea why it would say that?  It
|> > > > > > > seems very strange to me.
|> > > > > >
|> > > > > > What is "everything you scan?"  21/tcp is generally used for
|> > > > > > ftp.  You can grep through /etc/services to find that
|> > > > > > information.  Sounds like you have an ftp server running on
|> > > > > > your system.
|> > > > > > hth,
|> > > > > > kent
|> > > > > >
|> > > > > > --
|> > > > > > To know the truth is to distort the Universe.
|> > > > > >                       Alfred N. Whitehead (adaptation)

