
To shop him or not to shop him, that is the question

  • 13-06-2000 10:17am
    #1
    Registered Users, Registered Users 2 Posts: 3,316 ✭✭✭


    An extract of the logfiles of a scan for vulnerabilities on my work server:

    10:24:21 193.120.10.43 - 193.120.xxx.xx HEAD / 401 80 -
    10:24:30 193.120.10.43 - 193.120.xxx.xx GET /cgi-bin/nessus_is_probing_this_host 401 80 -
    10:24:31 193.120.10.43 - 193.120.xxx.xx GET /wwwboard/passwd.txt 401 80 -
    10:24:32 193.120.10.43 - 193.120.xxx.xx GET /cgi-bin/wrap 401 80 -
    10:24:41 193.120.10.43 - 193.120.xxx.xx GET /cgi-bin/windmail.exe 401 80 -
    10:24:42 193.120.10.43 - 193.120.xxx.xx GET /cgi-bin/whois_raw.cgi 401 80 -

    Now, it's easy to see the eejit was on esat dialup, so it wouldn't be too difficult to track him down. Should I bother proceeding to contact ESAT about the attempted attack? The server is also hosted in ESAT. Btw, he didn't get in or find any vulnerabilities.
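
Added example (not part of the original post): one way to triage a log like the extract above is to group rejected requests for probe-style paths by client address and flag a burst from one source. The field layout, the path patterns, the thresholds and the two `192.0.2.10` lines are assumptions constructed for this sketch.

```python
import re
from collections import defaultdict

# Assumed layout: time, client IP, user, server IP, method, URI, status, port, query
LINE = re.compile(r"^(\d\d):(\d\d):(\d\d) (\S+) \S+ \S+ (\S+) (\S+) (\d{3}) \d+ \S+$")
# Probe-style paths seen in the extract (CGI directory, password file)
PROBE = re.compile(r"^/cgi-bin/|passwd\.txt$", re.I)
MARKER = "nessus_is_probing_this_host"  # scanner announces itself in the URI

# First six lines are from the post; the last two are constructed benign traffic.
SAMPLE = """\
10:24:21 193.120.10.43 - 193.120.xxx.xx HEAD / 401 80 -
10:24:30 193.120.10.43 - 193.120.xxx.xx GET /cgi-bin/nessus_is_probing_this_host 401 80 -
10:24:31 193.120.10.43 - 193.120.xxx.xx GET /wwwboard/passwd.txt 401 80 -
10:24:32 193.120.10.43 - 193.120.xxx.xx GET /cgi-bin/wrap 401 80 -
10:24:41 193.120.10.43 - 193.120.xxx.xx GET /cgi-bin/windmail.exe 401 80 -
10:24:42 193.120.10.43 - 193.120.xxx.xx GET /cgi-bin/whois_raw.cgi 401 80 -
10:25:02 192.0.2.10 - 193.120.xxx.xx GET /index.html 200 80 -
10:25:09 192.0.2.10 - 193.120.xxx.xx GET /cgi-bin/search.cgi 404 80 -
"""

def parse(line):
    """Return a record dict for one log line, or None if it does not match."""
    m = LINE.match(line.strip())
    if not m:
        return None
    h, mi, s, ip, method, uri, status = m.groups()
    return {"t": int(h) * 3600 + int(mi) * 60 + int(s), "ip": ip,
            "method": method, "uri": uri, "status": int(status)}

def find_scanners(text, window=60, min_paths=3):
    """Map client IP -> summary for sources that look like a vulnerability scan."""
    by_ip = defaultdict(list)
    for line in text.splitlines():
        rec = parse(line)
        # Only rejected or missing probe-style paths count as evidence.
        if rec and rec["status"] in (401, 403, 404) and PROBE.search(rec["uri"]):
            by_ip[rec["ip"]].append(rec)
    report = {}
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["t"])
        self_identified = any(MARKER in r["uri"] for r in recs)
        # Largest number of distinct probe paths inside any `window` seconds.
        burst = max(len({r["uri"] for r in recs[i:] if r["t"] - first["t"] <= window})
                    for i, first in enumerate(recs))
        if self_identified or burst >= min_paths:
            report[ip] = {"paths": burst, "self_identified": self_identified}
    return report

if __name__ == "__main__":
    print(find_scanners(SAMPLE))
```

A single 404 from a normal visitor stays below the threshold; the flagged address identifies a connection at a point in time, which the ISP still has to map to an account.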



Comments

  • Closed Accounts Posts: 9,438 ✭✭✭TwoShedsJackson


    Shop him. The more of these 3l33t wannabes that are caught and have the $hit scared out of em, the less pri<ks there'll be online.


  • Registered Users, Registered Users 2 Posts: 16,414 ✭✭✭✭Trojan


    Ask Esat for their phone number, let them feel a bit vulnerable... :)

    But seriously; why not? Prolly some script kiddy though.. did they try much?

    Al.


  • Registered Users, Registered Users 2 Posts: 21,264 ✭✭✭✭Hobbes


    You should report it regardless. However don't assume that the owner of the account is the hacker.

    Although I recall Devore saying that ESAT dialups are linked directly to phone numbers? That true?



  • Closed Accounts Posts: 12 BrainDead


    Originally posted by Hobbes:

    Although I recall Devore saying that ESAT dialups are linked directly to phone numbers? That true?

    Yep, their "No Limits" option uses caller ID to lock the account to your phone number.


  • Registered Users, Registered Users 2 Posts: 332 ✭✭spod


    Esatclear bill using caller id.


    You can't have an esatclear phone "line" soap box installed unless your line supports caller id. Same goes for any of their isp type services they offer.

    They can determine given a time who was connected to a particular ip at a given time. I know of at least one case of them actually doing this because of people behaving maliciously from esatclear dialups.

    Sadly the twonk in question hopped straight across to indigo as soon as he got the boot from esatclear and was too young to actually have legal proceedings taken against him :(


  • Registered Users, Registered Users 2 Posts: 16,414 ✭✭✭✭Trojan


    Originally posted by BrainDead:
    "No Limits" option uses caller ID to lock the account to your phone number.

    Ah, the irony! I love it... :)

    Al.


  • Registered Users, Registered Users 2 Posts: 21,264 ✭✭✭✭Hobbes


    Originally posted by spod:
    Sadly the twonk in question hopped straight across to indigo as soon as he got the boot from esatclear and was too young to actually have legal proceedings taken against him :(

    I would assume to join that ISP you would have to agree to a legal contract of use. You would have to be of age to actually use that service (eg. 18 years old) otherwise you could just ring up indigo and they would shut down the account.

    Though good luck doing it. ;)


  • Registered Users, Registered Users 2 Posts: 785 ✭✭✭zenith


    Shop him ... screw him, and get Esat thinking like good netizens. I get probed twice a week, and am sick of getting nowhere with American ISPs.


  • Registered Users, Registered Users 2 Posts: 6,265 ✭✭✭MiCr0


    what did u use to set up the logging?


  • Closed Accounts Posts: 60 ✭✭anonym00se


    Originally posted by ButcherOfNog:

    Now, it's easy to see the eejit was on esat dialup, so it wouldn't be too difficult to track him down. Should I bother proceeding to contact ESAT about the attempted attack? The server is also hosted in ESAT. Btw, he didn't get in or find any vulnerabilities.


    It depends how much time you want to waste and/or what your company's policy is on dealing with this sort of thing.

    For something of that nature I'd say you were wasting your time chasing it up with esat. Just log it and keep an eye out for any more probes.


  • Users Awaiting Email Confirmation Posts: 285 ✭✭sam


    don't assume anything, people trust "logs" too much, from firewalls or http servers, or whatever, it is really easy to fake this sort of thing (maybe someone doesn't like the "twonk in question" and wants to frame him? eh butcher?? i bet it's you!! isn't it?? didn't i? I HAVE LOGS!! hmm)

    get me on irc or something and i'll see if i can demonstrate my point


  • Registered Users, Registered Users 2 Posts: 10,984 ✭✭✭✭Lump


    Nothing will happen if you report it. Someone tried to do something to me a couple of months ago, I reported it, with all the details. And they did nothing. So I don't know if it's worth it. However I did only send an e-mail; if you were to ring up they'd probably help you a lot more.

    John


  • Registered Users, Registered Users 2 Posts: 3,316 ✭✭✭ButcherOfNog


    sam, i doubt it's someone framing someone else. only certain accounts give you access to the logfiles, and i know when and by who these accounts have been accessed. all passwords are as strong on nt as they can be, plus there have been no brute force attacks launched that could've got them.

    why are u so worried btw? :)


  • Users Awaiting Email Confirmation Posts: 285 ✭✭sam


    haha,

    no i don't mean actually editing logs or whatever, i mean sending http requests with random source ip's
    talk to me on irc, i'll see if i can show you what i mean, hopefully i will soon have that awful butcherofnog banned too, i have 3 logs (3 logs!) of him, i heard he eats small children as well, to save on food money (i have this logged too), soon i will post the logs to someone, right now i have no money for stamps


  • Registered Users, Registered Users 2 Posts: 3,316 ✭✭✭ButcherOfNog


    oook, faking ip's, that sounds like fun :)

    and the small children were ill, and would have died anyways .....


  • Closed Accounts Posts: 60 ✭✭anonym00se


    The following article is sort of relevant to this thread.

    taken from hnn
    http://www.infoworld.com/cgi-bin/deleteframe.pl?story=/articles/op/xml/00/06/26/000626opswatch.xml

