[olug] users.olug.org

Jonathan Warren thechunk at cox.net
Wed Mar 12 20:13:51 UTC 2003 

Well yes please give them my contact information.

402-991-1475
402-271-7103

Jon Warren
1301 Offutt blvd 
Bellevue, NE 68005

If I am running the risk of "ruining" the shell accounts for all please just terminate my account because I don't want that label.  

-Jon

On Wed, Mar 12, 2003 at 01:46:19PM -0600, Brian Roberson wrote:
> So, when I get a call from people at news.com about possible devious
> activity, shall I give them you home #?
> 
> users:/home/thechunk # grep news.com .bash_history
> lynx www.news.com
> ping www.news.com
> telnet www.news.com 21
> nmap www.news.com
> users:/home/thechunk #
> 
> 
> I have be super leanient till now on the shell services, please dont ruin it
> for all.
> 
> 
> 
> 
> 
> ----- Original Message -----
> From: "Jonathan Warren" <thechunk at cox.net>
> To: <waltern at iivip.com>; "Omaha Linux User Group" <olug at olug.org>
> Sent: Wednesday, March 12, 2003 9:17 AM
> Subject: Re: [olug] users.olug.org
> 
> 
> > Yes I understand all this.  I am not condonign illegal access to anything.
> However this reminds me of a story I've heard.  It goes somethign like this.
> It came to the attention of some higher up military types that there were
> open and available tools to allow for testing the security of a machine.
> There reaction was to try and classify it.  They thought they could hide it
> and continue running insecure boxes.  I just don't see the point in running
> from something that is very useful.  Again I am not condoning illegal
> access.  The information provided by nmap is very useful.  Why the fear of
> it?  Why not leverage it to improve security across the whole network?
> Anyway just my .02.
> >
> > Again I am not out to get anyone upset with me and won't use it again from
> that machine if it bothers people.  I just don't understand the fear.
> >
> > -Jon W
> >
> > On Wed, Mar 12, 2003 at 09:03:02AM -0600, Nick Walter wrote:
> > > If I wanted to hypothetically start a mad reign of hacking terror, my
> > > steps would be along the lines of
> > >
> > > 1.)  Using a sniffer or guessing or social engineering, get the password
> > > to someones shell account (for this example, we'll assume Jonathan
> > > Warren's OLUG shell account).
> > >
> > > 2.)  Use it to start scanning for vulnerabilities on other servers.  I
> > > would probably use nmap for this.
> > >
> > > 3.)  Use publically available exploits to then exploit and root the
> > > servers.
> > >
> > > 4.)  Do amusing things to the rooted servers.  This includes defacing
> > > websites, installing sniffers, or the ever popular rm -rf /*
> > >
> > > 5.)  Eventually get noticed, and all the activity is traced back to . .
> > > . Jonathan Warren!
> > >
> > > I'm not picking on Jonathan btw, just illustrating an all-too-likely
> > > scenario that is the reason why there are rules against port scanning
> > > and so forth with shell accounts.
> > >
> > > Nick Walter
> > >
> > > On Wed, 2003-03-12 at 08:59, Jonathan Warren wrote:
> > > > Really?  Ok I won't do it anymore.  I guess I don't understand why it
> would be illegal.  If you could explain I would appreciate it.
> > > >
> > > > On Tue, Mar 11, 2003 at 11:43:16PM -0600, Brian Roberson wrote:
> > > > > Well..........
> > > > >
> > > > >
> > > > >     All I can say is...... It is for OLUG staff to know and you to
> wonder...
> > > > > I should deactivate you account for misconduct, but I will simply
> give you a
> > > > > public hand slap. port scanning and other "can be perceived as
> devious"
> > > > > activity is not allowed on the olug shell server. Please do not make
> me push
> > > > > the issue any further than this email, port scanning ( even if is
> your own
> > > > > machine ) will not be tolerated.
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > ----- Original Message -----
> > > > > From: "Jonathan Warren" <thechunk at cox.net>
> > > > > To: <olug at olug.org>
> > > > > Sent: Tuesday, March 11, 2003 9:33 PM
> > > > > Subject: Re: [olug] users.olug.org
> > > > >
> > > > >
> > > > > > No I don't.  I scanned it from the my work and nothing showed up.
> I can
> > > > > even scan itself and it can't find anything.  I have done lsof and
> netstats
> > > > > to no avail.  If I scan news.com or yahoo.com it says 21 is open
> there too.
> > > > > I find it hard to beleive that they would be running telnet servers.
> The
> > > > > next hope in a netstat is some kind of a firewall box.  I am curious
> if it
> > > > > is intercepting my port 21 requests and dropping them or something.
> Anyway
> > > > > just curious.  If you want to check me for an ftp port my address is
> > > > > thechunk.dyn.dhs.org.
> > > > > >
> > > > > >
> > > > > > On Tue, Mar 11, 2003 at 06:10:20PM -0600, ktb wrote:
> > > > > > > On Tue, Mar 11, 2003 at 05:19:09PM -0600, Jonathan Warren wrote:
> > > > > > > > I was tryign to find what my open ports I had on my box.  I
> downloaded
> > > > > nmap to users.olug.org and built it and installed it into my home
> directory.
> > > > > Everything I scan with it reports that port 21 is open.  Any idea
> why it
> > > > > would say that?  It seems very strange to me.
> > > > > > >
> > > > > > > What is "everything you scan?"  21/tcp is generally used for
> ftp.  You
> > > > > > > can grep though /etc/services to find that information.  Sounds
> like you
> > > > > > > have an ftp server running on your system.
> > > > > > > hth,
> > > > > > > kent
> > > > > > >
> > > > > > > --
> > > > > > > To know the truth is to distort the Universe.
> > > > > > >                       Alfred N. Whitehead (adaptation)
> > > > > > > _______________________________________________
> > > > > > > OLUG mailing list
> > > > > > > OLUG at olug.org
> > > > > > > http://lists.olug.org/mailman/listinfo/olug
> > > > > > _______________________________________________
> > > > > > OLUG mailing list
> > > > > > OLUG at olug.org
> > > > > > http://lists.olug.org/mailman/listinfo/olug
> > > > > >
> > > > >
> > > > > _______________________________________________
> > > > > OLUG mailing list
> > > > > OLUG at olug.org
> > > > > http://lists.olug.org/mailman/listinfo/olug
> > > > _______________________________________________
> > > > OLUG mailing list
> > > > OLUG at olug.org
> > > > http://lists.olug.org/mailman/listinfo/olug
> > > >
> > >
> > > _______________________________________________
> > > OLUG mailing list
> > > OLUG at olug.org
> > > http://lists.olug.org/mailman/listinfo/olug
> > _______________________________________________
> > OLUG mailing list
> > OLUG at olug.org
> > http://lists.olug.org/mailman/listinfo/olug
> >
> 
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> http://lists.olug.org/mailman/listinfo/olug

More information about the OLUG mailing list