[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] Hacking attempts on certain port what is thisused for?
- Subject: Re: [cobalt-users] Hacking attempts on certain port what is thisused for?
- From: elmer@xxxxxxxxxxxxxx
- Date: Wed Feb 21 23:36:14 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
On Thu, 22 Feb 2001, Carrie Bartkowiak wrote:
} Feb 21 21:35:55 www portsentry[1233]: attackalert: External command run for
} host: 128.248.155.163 using command: "/usr/local/bin/whois 128.248.155.163 |
} mail -s "
This is pretty cool but I thought I'd mention that tcp
wrappers provides a really nifty tool that you can even more fun
with: safe_finger. It's in /usr/sbin/ on the RAQ3 I just peeked at.
I imagine it can be found on any RAQ upon which tcp wrappers is
installed.
As I so much enjoy saying, you can whois them anytime but
you might not get another opportunity to finger them :-)
I just safe_fingered myself so you can see what the prize
might look like.
Login: brent Name: Brent Sims
Directory: /home/brent Shell: /bin/bash
Office Phone: (719) 595-1427 Home Phone: use office phone
On since Tue Feb 20 12:54 (MST) on ttyp0 from macher.webokay.c
On since Wed Feb 21 23:25 (MST) on ttyp1 from chasid.webokay.c
47 minutes 39 seconds idle
Mail forwarded to "|IFS=' ' &&exec /usr/bin/procmail -f || exit 75 #brent"
Mail last read Thu Feb 22 00:08 2001 (MST)
Plan:
WebOkay Internet Services
Network/System Administrator
----------------------------
Brent@xxxxxxxxxxx
Odds are you won't get this much from a savy cracker but
most scans are done by script kiddies and just think of the fun you
can have by sending them the finger...