Date: Wed, 29 Jul 1998 04:34:22 -0400 (EDT) From: CyberPeasant <djv@bedford.net> To: freebsd-questions@FreeBSD.ORG Subject: Re: version 2.1.0 and a hacker I can't keep out Message-ID: <199807290834.EAA26010@lucy.bedford.net> In-Reply-To: <Pine.BSF.4.01.9807290746390.11127-100000@guerilla.foo.bar> from Sascha Schumann at "Jul 29, 98 07:54:09 am"
next in thread | previous in thread | raw e-mail | index | archive | help
Sascha Schumann wrote > On Wed, 29 Jul 1998, CyberPeasant wrote: > > > Looks like a dialup account. Is it always the same IPA? Might > > be spoofed. > > A script kiddie which spoofes a TCP stream. Thats very unlikely ;) Agree. Or an experienced operator who wants to look like a lamer... "A wilderness of mirrors" > We are running qpopper (really nice prog, btw) and I tried the buffer > overflow once on my machine... one command and I had root access. Yup. > > a) Get the latest qpopper port, and build it from source. > > Whats this thing with the ports? This has always the disadvantage of > being (perhaps) outdated. Go to ftp://ftp.qualcomm.com directly and grab > version 2.53. Well, perhaps the original dave is unfamiliar with that. I also assumed that somebody would have updated the official port, which is in fact the case: (from ftp.freebsd.org/pub/FreeBSD/ports/mail/popper:) DISTNAME= qpopper2.53 PKGNAME= qpopper-2.53 CATEGORIES= mail MASTER_SITES= ftp://ftp.qualcomm.com/eudora/servers/unix/popper/ EXTRACT_SUFX= .tar.Z Moreover, there are 10 patch files in the port, some of which are more than just fixing up Makefile. > > b) In conjunction with law enforcement and her ISP, prosecute > > the intruder. law enforcement = FBI, probably. Make her squeal. > > script kiddie == biggest enemy on earth? Calm down plz ;) No, but: a) Putting the Feds on them keeps the Feds busy, and keeps them from dreaming up new schemes about tapping my phone and reading my email. b) The script kid can do a lot of damage, even though he's lame. He has the ability to ruin things far beyond his skill level should allow. He is an idiot armed with a cannon. Under many US state laws, doing deliberate vandalism above a fairly low amount ($500?), is a felony -- a serious crime. I'm sure the kind of thorough audit that needs to be performed after a crack-attack, and refunds made to customers because of downtime, etc etc, can quickly add up to that amount. c) Children need to learn that when they mess up, they should expect a spanking. d) They piss me off. :) Dave -- "Today, machines sit on our desks and spend the overwhelming majority of their cycles doing nothing more important than blinking a cursor." --William Dickens http://www.feedmag.com/html/feedline/98.07dickens/98.07dickens_master.html To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199807290834.EAA26010>