North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: should i publish a list of cracked machines?

  • From: Josha Bronson
  • Date: Thu Aug 23 12:22:12 2001

On Thu, Aug 23, 2001 at 11:53:38AM -0400, Jim Mercer said:
> i found one of my boxes was cracked (probably due to the BSD telnetd overflow).
> in any case, i found a file in the cracker's directory containing what i think
> is a list of other servers which might be hacked.
> i think the list also includes the passwords for using the trojan.
> on my server, i found a trojan daemon, allowing ssh on an 14000 series port.
> i was gonna just post the list of hosts here, but then, maybe not.
> what is the appropriate feeling?

I'd try to contact the owners of the systems in the list personally.
Posting such a list of machines thought to be cracked would accomplish
little except getting those machines further probed/attacked.

I would suggest trying to see what domains the IPs belong to and just
shoot out some mail to [email protected]/[email protected]/[email protected] or any other likely
admin accounts with a heads up.

Josha Bronson <[email protected]>
Network/Systems/Security Engineer ||