Date:      Fri, 2 Jun 2000 23:39:29 +0930 (CST)
From:      james <wabit@adl.ussr.net>
To:        Chad Day <cday@beachassociates.com>
Cc:        "'freebsd-newbies@freebsd.org'" <freebsd-newbies@FreeBSD.ORG>
Subject:   Re: System intrusion followup.
Message-ID:  <Pine.BSF.4.21.0006022337300.22414-100000@gw.Adl.USSR.net>
In-Reply-To: <A8D9B16D2196D2118B6E00A0C9E307F423857D@beachpdc1.beachassociates.com>

Hi Chad,

Thanks for the message, and the warning about "Unauthorized access
prohibited" messages....

/etc/ftpwelcome contains the ftp motd,

where is the file that is displayed before the login prompt? - or are we
limited to displaying something after they've connected, via /etc/motd ? 

regards

james


On Fri, 2 Jun 2000, Chad Day wrote:

> Date: Fri, 2 Jun 2000 09:56:31 -0400 
> From: Chad Day <cday@beachassociates.com>
> To: "'freebsd-newbies@freebsd.org'" <freebsd-newbies@FreeBSD.ORG>
> Subject: System intrusion followup.
> 
> Well, just got off the phone with the FBI, and the local police department
> came by and took a report last evening.
> 
> The FBI seemed pretty knowledgeable and really willing to go after the guy,
> even though our estimated loss was only $2-3k, and they say they usually
> require $10k.. but since the logs are pretty open and shut and it should be
> an easy matter to pursue, he said they are very likely to go ahead after the
> guy.
> 
> One thing I did learn:  make sure you have a banner on your FTP login and
> telnet login saying something like: "UNAUTHORIZED ACCESS PROHIBITED".  I
> didn't have that.  :(   Rookie mistake, lesson learned.
> 
> The officer from the local police wasn't too technologically there, but I
> was able to talk her through a lot of it and wrote down my version of what
> happened, and she seemed to get the gist of everything after a while.
> 
> AOL, of course, did jack and you know what.  After being disconnected after
> long hold periods, they kindly told me that they won't take any actions
> regardless of evidence unless the police/FBI contacted them.  
> 
> <on the phone with FBI agent>
> 
> Me: "I have his IP address, he's coming from AOL, but they wouldn't give me
> any more information."
> FBI: "They'll give it to US."
> 
> Ahh, go FBI. :)
> 
> Anyway.. things I've learned that may be of value to other newbies..
> 
> Make sure you have ftp/telnet banners with usage policies
> You can trust your users about as far as you can throw them
> Keep very detailed ftp logs..  ftpd -l -l
> and AOL sucks, but you knew that already.
> 
> Thanks to everyone who has emailed me with advice.
> 
> Chad Day
> Beach Associates
> 
> When I speak german... I think german in my head... but like...Do skript
> kiddies see a w40l3 8uncha 1's and 0's and 3's and 4's and 7's in their
> h34d'5 w43n t43y R +a1k1n6 ? -- SirStanley
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-newbies" in the body of the message
> 


