should i publish a list of cracked machines?

Josha Bronson dmuz at slartibartfast.angrypacket.com
Thu Aug 23 16:12:58 UTC 2001


On Thu, Aug 23, 2001 at 11:53:38AM -0400, Jim Mercer said:
> i found one of my boxes was cracked (probably due to the BSD telnetd overflow).
> 
> in any case, i found a file in the cracker's directory containing what i think
> is a list of other servers which might be hacked.
> i think the list also includes the passwords for using the trojan.
> 
> on my server, i found a trojan daemon, allowing ssh on an 14000 series port.
> 
> i was gonna just post the list of hosts here, but then, maybe not.
> 
> what is the appropriate feeling?

I'd try to contact the owners of the systems in the list personally.
Posting such a list of machines thought to be cracked would accomplish
little except getting those machines further probed/attacked.

I would suggest trying to see what domains the IPs belong to and just
shoot out some mail to root@/admin@/hostmaster@ or any other likely
admin accounts with a heads up.

-- 
Josha Bronson <dmuz at slartibartfast.angrypacket.com>
Network/Systems/Security Engineer
josha.net || dmuz.angrypacket.com




More information about the NANOG mailing list