[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]

Re: Re: Re :[OT] Hackers

To: Mukund Deshmukh <betacomp@xxxxxxxxxxxxxxxxx>
Subject: Re: Re: Re :[OT] Hackers
From: Suresh Ramasubramanian <r.suresh@xxxxxxxxxxxxxxx>
Date: Wed, 15 Mar 2000 10:59:23 +0530
Cc: Linux India General <linux-india-general@xxxxxxxxxxxxxxxxxxxxx>, LI Help <linux-india-help@xxxxxxxxxxxxxxxxxxxxx>, Doc Tarique <swati@xxxxxxxxxxx>
In-reply-to: <004501bf8e34$2166ebe0$f201a8c0@default>; from betacomp@nagpur.dot.net.in on Wed, Mar 15, 2000 at 09:17:08AM +0530
Mail-followup-to: Suresh Ramasubramanian <r.suresh@xxxxxxxxxxxxxxx>, Mukund Deshmukh <betacomp@xxxxxxxxxxxxxxxxx>, Linux India General <linux-india-general@xxxxxxxxxxxxxxxxxxxxx>, LI Help <linux-india-help@xxxxxxxxxxxxxxxxxxxxx>, Doc Tarique <swati@xxxxxxxxxxx>
Organization: CAUCE India <www.india.cauce.org>

Mukund Deshmukh saw fit to inform LI that: 

>It was literely on a plater in my case. About a year back when I pointed my
>browser to one of the dot server on a particular port , I got server

That is an argument quite often misused ... like Manoj said, just because
a door is open, any xyz does not have the right to walk into it.

>Now pointing my browser to an open port on any server can not ammount to
>cracking.

No.  It merely amounts to trespassing.

>In both cases I promptly informed the server admin.

Were you, by any chance portscanning for open ports?  I know quite a few
sysadmins who'd be firing off e-mails to your isp demanding you be booted,
if you so much as touched a non-public (whether open or not) port on their
network.

>How many server admin on linux-india read bugtraq?
>Out of 100 million Indian people I had found only one mail from raju on
>bugtraq in last one year.

Even I don't post (or even lurk) on bugtraq - I read the archives whenever
I have any issue to fix.  I am sure many sysadmins do exactly that.

>CAUCE is doing really commendable work, but mail is not the only hackers
>target.

NNTP for example ... we were recently working with VSNL, Satyam and
MantraOnline re a series of vicious attacks on usenet (mailbombs etc).

Most of the people sending junk mail (or selling vsnl users
addresses) download the /etc/passwd file.  They can, and have, run crack
on it to decipher passwords (esp of those people who set their passwd as
abc123, omsaibaba or something like that).

>No I do not agree to this. I can still fetch, using standard commands, user
>list file from vsnl /dot servers. This will certianely not ammount to

On vsnl hyderabad at least, this is not the case.  Anything beyond ls, cp,
rm (and other basic commands) are restricted.

>hacking or cracking as I have valid accounts on these server and the file
>permission  is rwxr-xr-x.

Despite badly set permissions - if you are not the owner of the file - you
have no right to touch it or access it.

>I have already sent mail to these server admin 2 months back, but none of
>them replied.

As I said, I will introduce you to G.P.Singh of VSNL Bombay - you can tell
him all the security holes in vsnl ~and~ the fixes available for these
holes.  Till then, please don't sniff around their boxes, exploring
security holes.  VSNL is quite capable of running cop / nmap etc to fix
their servers ...

-- 
Suresh Ramasubramanian + President, CAUCE India + www.india.cauce.org
Stopping Spam In India + suresh@xxxxxxxxxxxxxxx + Spammers are Losers
--
Garbage In -- Gospel Out.

Follow-Ups:
- Re: Re: Re :[OT] Hackers
  - From: Atul Chitnis

References:
- Re: Re: Re :[OT] Hackers
  - From: Mukund Deshmukh

Prev by Subject: Re: Re: Re :[OT] Hackers
Next by Subject: Re: Re: Re :[OT] Hackers
Previous by thread: Re: Re: Re :[OT] Hackers
Next by thread: Re: Re: Re :[OT] Hackers
Index(es):
- Subject
- Thread