Re: System Attack & FBI (fwd)

Forwarded message:
Subject: Re: System Attack & FBI (fwd)
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 24 May 97 08:31:31 EDT

ichudov@algebra.com (Igor Chudov @ home) writes: ...
I hope that the hacker did not leave any other trojans besides rogue Apache and in.telnetd. ... The cracker installed Stronghold[tm] on Jim's system? How despicable!

The cracker installed nothing. From the first time they used the bbixler account I have known of them. Another interesting aspect is that since taking on the CDR I have had 3 attacks (previous ones were denial of service) while in the year previous to that I had only one. I think there is an object lesson buried in there somewhere.

What I want to know is if he ever realized he was running on a 486DX2/80 w/ 24M of RAM, 1G of hard-drive, and a version of Linux that is over 2 years old? What a rube...

The bbixler account was a trip-wire with a very silly password intentionally left there (as are several others) just waiting for some happy jack to find one. I also do this with my IP's. It is actually very effective. I once nabbed a bozo from the Richardson, Tx AT&T office who was using my system to get to other systems. I was monitoring the account and noticed an email go out to a buddy of his with his office number in it. I called, he shit bricks, I asked for money or that he desist from using my system. He desisted.

I also have a pretty quick re-install plan as well. I have a basic image on a spare drive installed in the box. Swap cables and we are back up. I can do a complete re-install and be configured in about 3 hours from CD archives and the original source material which is on machines not on the Internet (it's my Amiga 2000). This does not include the user home dir's which I don't protect, with the users' full knowledge and agreement. Their data, their problem (I push fast cycle times, the use of off-line encryption for security, and digital signing for authority); I provide services only and TEMPORARY file storage on my file systems.

Linux on old 486's is wonderful!

Jim Choate
CyberTects
ravage@ssz.com
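
The trip-wire account idea in the message above, as an added example that is not part of the original post: a small log check that alerts on any login attempt against a decoy account and lists real accounts used from the same source host. The log layout, the host names and the second decoy name "guest2" are constructed assumptions; only "bbixler" comes from the message.

```python
import re

# Decoy (trip-wire) accounts: no legitimate user ever logs in to these.
# "bbixler" is named in the message; "guest2" is a hypothetical second decoy.
DECOY_ACCOUNTS = {"bbixler", "guest2"}

# Constructed sample lines in an assumed syslog-like layout (not from the post).
SAMPLE_LOG = """\
May 23 02:11:04 host login[411]: LOGIN ON ttyp1 BY alice FROM dialup7.example.net
May 23 02:14:37 host login[415]: FAILED LOGIN 1 FROM gw.example.org FOR bbixler
May 23 02:14:52 host login[415]: LOGIN ON ttyp2 BY bbixler FROM gw.example.org
May 23 02:31:09 host login[420]: LOGIN ON ttyp3 BY carol FROM gw.example.org
May 23 03:02:45 host login[431]: LOGIN ON ttyp1 BY alice FROM dialup7.example.net
"""

EVENT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]+) \S+ login\[\d+\]: "
    r"(?:LOGIN ON \S+ BY (?P<u1>\S+) FROM (?P<h1>\S+)"
    r"|FAILED LOGIN \d+ FROM (?P<h2>\S+) FOR (?P<u2>\S+))$"
)

def parse(line):
    """Return one login event as a dict, or None for lines we do not recognise."""
    m = EVENT.match(line.strip())
    if not m:
        return None
    return {
        "ts": m.group("ts"),
        "user": m.group("u1") or m.group("u2"),
        "host": m.group("h1") or m.group("h2"),
        "ok": m.group("u1") is not None,  # True for a successful login
    }

def analyze(log_text, decoys=DECOY_ACCOUNTS):
    events = [e for e in map(parse, log_text.splitlines()) if e]
    # Any touch of a decoy account is an alert, whether it succeeded or failed.
    alerts = [e for e in events if e["user"] in decoys]
    burned = {e["host"] for e in alerts}
    # Real accounts used from a host that touched a decoy need review as well.
    followups = [e for e in events
                 if e["ok"] and e["host"] in burned and e["user"] not in decoys]
    return alerts, followups

if __name__ == "__main__":
    alerts, followups = analyze(SAMPLE_LOG)
    for e in alerts:
        print("DECOY ", e["ts"], e["user"], e["host"], "ok" if e["ok"] else "failed")
    for e in followups:
        print("REVIEW", e["ts"], e["user"], e["host"])
```
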