gentoo you decide

Discussion in 'Computer Security' started by a-wall, Nov 3, 2003.

  1. a-wall

    a-wall Guest

    Hi, i have been in the business of administration for unix and Linux for
    almost ten years now.
    I was my laptop was hacked and in such a way my aide a freee version of
    tripwire was bypassed by a lib which was ld preloaded effecting the file
    system, I was testing WIFI and got my Iptables firewall messedup for a day.

    I believe the attack originated from a #gentoo-sparc channel but i nuked
    all my logs in a hurry to get the system back up.

    I /bin/ps /bin/netstat amung other had bee changed to Immutable and
    md5sums didn't match the ones on record.

    I have most of the hacked system on my nfs server and am bring it backup
    to watch traffic.

    the trojan was sending data to ip address 224.0.0.251 on port 5353
    I cannot find who owns this IP address and it could be a decoy.

    I replaced these to attempt to track down the hackers and the lib
    dissapeared but i still have hacked bonaries /bin/login etc on tape.

    I should have just left it alone so i didnt in advertantly desroy evidence.

    When i asked for help from the second in command at Gentoo Linux i
    received none and the following is what i have so far.

    I and my legal aide cam in as botched and thempth3mp in this conversation.

    with seemant the second in command at gentoo.

    as follows

    Nov 01 13:00:33 <botched> if i ask politely for logs concerning
    conversations with themp from oct-12th through the 29th will gentoo be
    so kind as to supply them ? also, i just need them for this channel.
    Nov 01 13:01:24 <wesolows> botched: It seems Gentoo can't; if you trust
    me, you can have mine, but they're not "official"
    Nov 01 13:02:58 <botched> i would like yours even if not official. if
    indeed the extent of damage is as is vast as we can tell so far a
    subpoena will have to be issued.
    Nov 01 13:03:23 <wesolows> oh dear
    Nov 01 13:03:42 <botched> yes ,this is a very serious issue
    Nov 01 13:03:58 <botched> it is already cost much money
    Nov 01 13:04:01 <wesolows> sorry, I don't want any involvement then
    Nov 01 13:04:15 <wesolows> even as an unofficial helpful provider of
    personal logs
    Nov 01 13:04:20 <botched> wesolows not even to give channel logs ?
    Nov 01 13:04:43 <wesolows> no, I'm sorry, because they could be
    incomplete, and there's no way to know if that's the case.
    Nov 01 13:05:01 <botched> I personally think compiance from gentoo would
    be a good thing for all sides
    Nov 01 13:05:52 <botched> I cant untill i have investegated further, and
    cannot disclose more information at this point in time.
    Nov 01 13:06:02 <seemant> botched: what damage?
    Nov 01 13:06:05 <seemant> and what issue?
    Nov 01 13:06:25 <seemant> and don't you try and threaten people about
    subpoenas and legal action
    Nov 01 13:06:34 <seemant> if there's a problem, I'm the one to talk to
    Nov 01 13:07:31 <seemant> botched: now, if you have something to say,
    talk to me, and leave everyone else in here the HELL ALONE
    Nov 01 13:07:32 <seemant> got me?
    Nov 01 13:07:49 <botched> I would like to discuss this with you but not
    on irc
    Nov 01 13:09:14 <botched> seemant, themp's system was hacked on october
    12th attack originating from an ip which frequests this #gentoo-sparc
    irc channel
    Nov 01 13:10:21 * `Kumba avoids formulating theories and goes to fetch
    screwdriver handle
    Nov 01 13:10:34 <seemant> botched: then you can very well email me
    Nov 01 13:11:07 * xming checking his system for intruders
    Nov 01 13:11:10 <botched> excuse me frequents
    Nov 01 13:11:17 <seemant> botched: and, when you do, I want your full
    name and your full credentials that I can personally verify
    Nov 01 13:11:49 <botched> Seemant i am finished
    Nov 01 13:12:13 * bazik looks at Epidemic
    Nov 01 13:12:38 <seemant> botched: good, and I'll thank you to shut up
    in this channel with the threatening of the people, in the future

    and in private message with seemand second in command at gentoo.

    **** BEGIN LOGGING AT Sat Nov 1 14:34:14 2003

    Nov 01 14:34:16 <th3mp> yo
    Nov 01 14:35:29 <th3mp> why do you hve such an issue with me tracking
    down hackers do you have some kinda of policy at gentoo against this ?
    Nov 01 14:35:37 --- Received a CTCP VERSION from bazik
    Nov 01 14:36:39 >version< CTCP TH3MP
    Nov 01 14:36:48 >th3mp< CTCP VERSION
    Nov 01 14:36:48 --- Received a CTCP VERSION from th3mp
    Nov 01 14:37:21 --- Received a CTCP VERSION from botched
    [seemant has address
    ~]
    Nov 01 14:39:20 <seemant> you do what you have to do
    Nov 01 14:39:21 <seemant> but
    Nov 01 14:39:33 <seemant> you've been carrying on in completely the
    WRONG way
    Nov 01 14:39:54 <th3mp> okay then how ouwld you like me to carry on i
    cant read your mind
    Nov 01 14:39:55 <seemant> you do NOT come into the channel (a. fucking
    pretending you're someone else) and b. threatening people with subpoenas
    Nov 01 14:40:04 <seemant> carry on with civility
    Nov 01 14:40:09 <seemant> NOT with threats
    Nov 01 14:40:13 <th3mp> i m not doing anything or threatoning anything
    Nov 01 14:40:20 <seemant> right now, all there is is your word that you
    got hacked
    Nov 01 14:40:22 <seemant> no proof
    Nov 01 14:40:34 <seemant> and you come in here with threats about
    calling lawyers and issuing subpoenas
    Nov 01 14:40:45 <seemant> if you have intent to do that, then just do it
    Nov 01 14:40:59 <seemant> don't come in here acting all macho and being
    an ass about it
    Nov 01 14:41:11 <th3mp> my lawyer will be online as soon as i set up a bnc
    Nov 01 14:41:25 <th3mp> if that how you take it seemant that is your
    issue not mine
    Nov 01 14:41:31 <seemant> then let him come online
    Nov 01 14:41:33 <th3mp> i am not being macho
    Nov 01 14:41:39 <seemant> if you wish
    Nov 01 14:41:47 <seemant> I'm done with the convo
    Nov 01 14:42:07 <seemant> if your lawyer needs to contact ANYONE in the
    channel, s/he contacts me first, as I am the one in charge of the channel
    Nov 01 14:42:15 <th3mp> okay seemant why are you so upset anyways ?
    Nov 01 14:42:18 <seemant> and like I told you before, full name and
    verifiable credentials
    Nov 01 14:42:29 <seemant> because I do not like your attitude th3mp
    Nov 01 14:42:32 <seemant> that's why
    Nov 01 14:42:38 <th3mp> seemant you dont make ecurity policies on
    freenode and you dont own gentoo
    Nov 01 14:42:48 <seemant> I own this channel
    Nov 01 14:42:52 <seemant> simple as that
    Nov 01 14:42:56 <th3mp> okay then you own this channel
    Nov 01 14:43:03 <seemant> as far as owning gentoo, I am the second in
    command at gentoo
    Nov 01 14:43:14 <th3mp> thats nice to know
    Nov 01 14:43:45 <seemant> and your box being hacked, is not a freenode
    security policy
    Nov 01 14:43:51 <seemant> it's a "your box" security policy
    Nov 01 14:44:30 <th3mp> not if you dont wish you help by giving
    information anyother distro who owns a channel would gladly give out
    Nov 01 14:44:35 <th3mp> its like you have somthing to hide
    Nov 01 14:44:46 <th3mp> at least thats how it looks to me
    Nov 01 14:44:48 <seemant> as for my developers, I will stand by them
    100%; IF your box got hacked, it was NOT a gentoo developer or a
    representative of gentoo
    Nov 01 14:44:51 <seemant> hahaha
    Nov 01 14:44:52 <seemant> you're funny
    Nov 01 14:45:00 <th3mp> why ?
    Nov 01 14:45:05 <seemant> I'd almost say you're cute, except for the
    fact that you're annoying
    Nov 01 14:45:15 <seemant> if you want co-operation, ask for it NICELY
    Nov 01 14:45:18 <seemant> not with a threat
    Nov 01 14:45:24 <th3mp> why wouldnt you help seems like that would be
    the proper thing to do and the ethical one
    Nov 01 14:45:33 <th3mp> there was no threat
    Nov 01 14:45:34 <seemant> you never asked me for help
    Nov 01 14:45:38 <seemant> not nicely, not any other way
    Nov 01 14:45:46 <seemant> you spouted off about subpoenas straight off
    Nov 01 14:45:53 <seemant> sorry, but that doesn't seem like "asking for
    help"
    Nov 01 14:46:01 <th3mp> perhaps, i didnt have the social skils to ask
    you the way you wanted
    Nov 01 14:46:06 <seemant> anyhow, I'm done, and I'm putting you on
    /ignore now
    Nov 01 14:46:17 <th3mp> okay seemant
    **** ENDING LOGGING AT Sat Nov 1 14:52:00 2003
     
    a-wall, Nov 3, 2003
    #1
    1. Advertising

  2. a-wall

    jayjwa Guest

    a-wall wrote:

    <snip!>


    ???? that's all I can say, ???. What are you asking? What is the
    question, in one simple sentence?


    -j
    Atr2-WBS
     
    jayjwa, Nov 3, 2003
    #2
    1. Advertising

  3. a-wall

    a-wall Guest

    jayjwa wrote:
    > a-wall wrote:
    >
    > <snip!>
    >
    >
    > ???? that's all I can say, ???. What are you asking? What is the
    > question, in one simple sentence?
    >
    >
    > -j
    > Atr2-WBS
    >

    In one simple sentance i am not asking anything just forwarding on
    information.
     
    a-wall, Nov 4, 2003
    #3
  4. a-wall

    Joe Dunning Guest

    On Tue, 04 Nov 2003 12:21:22 -0800, a-wall <> wrote:
    >jayjwa wrote:
    >> a-wall wrote:
    >>
    >> <snip!>
    >>
    >>
    >> ???? that's all I can say, ???. What are you asking? What is the
    >> question, in one simple sentence?
    >>
    >>
    >> -j
    >> Atr2-WBS
    >>

    >In one simple sentance i am not asking anything just forwarding on
    >information.


    Frankly, you seem to be forwarding a load of FUD!
     
    Joe Dunning, Nov 7, 2003
    #4
  5. a-wall

    a-wall Guest

    Joe Dunning wrote:
    > On Tue, 04 Nov 2003 12:21:22 -0800, a-wall <> wrote:
    >
    >>jayjwa wrote:
    >>
    >>>a-wall wrote:
    >>>
    >>><snip!>
    >>>
    >>>
    >>>???? that's all I can say, ???. What are you asking? What is the
    >>>question, in one simple sentence?
    >>>
    >>>
    >>>-j
    >>>Atr2-WBS
    >>>

    >>
    >>In one simple sentance i am not asking anything just forwarding on
    >>information.

    >
    >
    > Frankly, you seem to be forwarding a load of FUD!
    >


    Yeah, sorry my origional revision was typo'd to death thats why a second.

    All i wanted you to see in the behavior of gentoo linux's econd in
    command seemant. If you indeed think my logs are fake get ones from gentoo.

    good day Mr. FUD
     
    a-wall, Nov 8, 2003
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Sponge

    Gentoo linux you decide (revision 2)

    Sponge, Nov 3, 2003, in forum: Computer Security
    Replies:
    7
    Views:
    469
    Jim Watt
    Nov 8, 2003
  2. niljaviya
    Replies:
    0
    Views:
    675
    niljaviya
    Nov 2, 2006
  3. joe

    52 or 58 , You decide !!

    joe, Aug 27, 2004, in forum: Digital Photography
    Replies:
    3
    Views:
    306
    Gisle Hannemyr
    Sep 2, 2004
  4. CertGuard - Is it a Scam? You Decide?

    , Apr 30, 2007, in forum: Microsoft Certification
    Replies:
    1
    Views:
    4,792
    Cerebrus
    May 2, 2007
  5. Replies:
    1
    Views:
    706
    Cerebrus
    May 2, 2007
Loading...

Share This Page