From owner-freebsd-hackers Sun Jun 23 17:26:04 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id RAA06484 for hackers-outgoing; Sun, 23 Jun 1996 17:26:04 -0700 (PDT)
Received: from time.cdrom.com (time.cdrom.com [204.216.27.226]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id RAA06461; Sun, 23 Jun 1996 17:25:59 -0700 (PDT)
Received: from time.cdrom.com (localhost [127.0.0.1]) by time.cdrom.com (8.7.5/8.6.9) with ESMTP id RAA07981; Sun, 23 Jun 1996 17:25:35 -0700 (PDT)
To: hackers@freebsd.org
cc: security@freebsd.org, ache@freebsd.org
Subject: I need help on this one - please help me track this guy down!
Date: Sun, 23 Jun 1996 17:25:35 -0700
Message-ID: <7979.835575935@time.cdrom.com>
From: "Jordan K. Hubbard"
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

jkh p2 a235.pu.ru Sun04PM - -bash (bash)

This was "me" on wcarchive.cdrom.com today - when I caught the guy I starred myself out of the password file and `watch -W'd' him. He wasn't doing anything special, but when I sent him a "gotcha!" he attempted to remove my home directory (nothing in it, no loss) and logged out. That proves this guy to not only be a cracker but a malicious one at that and, were he to be caught and relieved of his testicles by the Russian mafia, I would be the first to ask for them in a jar as a memento! :-)

I'm not one to generally get too upset about this kind of thing, but breaking into our flagship machine as me is going just a bit too far (as was trying to nuke my files when caught - I'd have forgiven him but for that, now I want his balls).

A traceroute from wcarchive doesn't show me much, but if anybody can glean some useful information out of it I'd appreciate it. Thanks!

 5 Helsinki2.FI.EU.net (134.222.228.45) 555.687 ms 518.720 ms 507.602 ms
 6 StPetersburg.RU.EU.net (134.222.23.2) 549.172 ms 592.407 ms 630.928 ms
 7 spb-2-gw.spb.su (193.124.83.66) 547.190 ms 573.518 ms 569.656 ms
 8 hqlgu-LE.pu.ru (193.124.255.134) 519.318 ms 657.805 ms 651.496 ms
 9 slip-0.pu.ru (193.124.85.1) 840.489 ms 671.729 ms 650.750 ms
10 nat.pu.ru (193.124.85.134) 638.649 ms 653.720 ms 720.170 ms
11 gw.pu.ru (193.124.85.219) 752.144 ms 645.046 ms 641.413 ms
12 localhost (127.0.0.1) 670.113 ms 702.233 ms 695.733 ms
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Interesting!

Jordan