Date: Fri, 2 Jun 2000 23:39:29 +0930 (CST)
From: james <wabit@adl.ussr.net>
To: Chad Day <cday@beachassociates.com>
Cc: "'freebsd-newbies@freebsd.org'" <freebsd-newbies@FreeBSD.ORG>
Subject: Re: System intrusion followup.
Message-ID: <Pine.BSF.4.21.0006022337300.22414-100000@gw.Adl.USSR.net>
In-Reply-To: <A8D9B16D2196D2118B6E00A0C9E307F423857D@beachpdc1.beachassociates.com>

Hi Chad,

Thanks for the message, and the warning about "Unauthorized access
prohibited" messages....

/etc/ftpwelcome contains the ftp motd, where is the file that is displayed
before the login prompt? - or are we limited to displaying something after
they've connected, via /etc/motd ?

regards
james

On Fri, 2 Jun 2000, Chad Day wrote:

> Date: Fri, 2 Jun 2000 09:56:31 -0400
> From: Chad Day <cday@beachassociates.com>
> To: "'freebsd-newbies@freebsd.org'" <freebsd-newbies@FreeBSD.ORG>
> Subject: System intrusion followup.
>
> Well, just got off the phone with the FBI, and the local police department
> came by and took a report last evening.
>
> The FBI seemed pretty knowledgeable and really willing to go after the guy,
> even though our estimated loss was only $2-3k, and they say they usually
> require $10k.. but since the logs are pretty open and shut and it should be
> an easy matter to pursue, he said they are very likely to go ahead after the
> guy.
>
> One thing I did learn: make sure you have a banner on your FTP login and
> telnet login saying something like: "UNAUTHORIZED ACCESS PROHIBITED". I
> didn't have that. :( Rookie mistake, lesson learned.
>
> The officer from the local police wasn't too technologically there, but I
> was able to talk her through a lot of it and wrote down my version of what
> happened, and she seemed to get the gist of everything after a while.
>
> AOL, of course, did jack and you know what. After being disconnected after
> long hold periods, they kindly told me that they won't take any actions
> regardless of evidence unless the police/FBI contacted them.
>
> <on the phone with FBI agent>
>
> Me: "I have his IP address, he's coming from AOL, but they wouldn't give me
> any more information."
> FBI: "They'll give it to US."
>
> Ahh, go FBI. :)
>
> Anyway.. things I've learned that may be of value to other newbies..
>
> Make sure you have ftp/telnet banners with usage policies
> You can trust your users about as far as you can throw them
> Keep very detailed ftp logs.. ftpd -l -l
> and AOL sucks, but you knew that already.
>
> Thanks to everyone who has emailed me with advice.
>
> Chad Day
> Beach Associates
>
> When I speak german... I think german in my head... but like...Do skript
> kiddies see a w40l3 8uncha 1's and 0's and 3's and 4's and 7's in their
> h34d'5 w43n t43y R +a1k1n6 ? -- SirStanley
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-newbies" in the body of the message