
Re: [hzo@goldfish.cube.net: "Hack attack" is no hack but a survey about operating systems]



Hello

1. From looking at the logs of my servers, I got to the conclusion
   that the guy is right. I found the packets from that host quickly,
   and they look innocent, at least relative to *MANY* real
   attacks from other sites which are done almost daily.

2. We know Alex Khalil from our list (Linux-IL), and it seems that
   he is not the one to join the Hizbullah in order to attack Israeli
   sites  :-)

3. I have known the survey since its early days (at least 2 months) and I
   really admire it. It is an important tool. Since I believe that
   their next step is to add a database to their site, so you will
   have the option to get statistics for specific areas or regular
   expressions (e.g. "*.co.il"), it will be very sad that ".il" will
   be removed. I call ISOC-IL to ask them to continue to include us
   in their survey.

4. If logs were removed, then there WERE attacks anyway. As I
   mentioned above, I face these attacks almost daily. Usually, the
   source address does not have much to do with it, since the hackers
   don't use their real address in the field of the source IP. Even
   in cases that the hacker needs the returning packet, he will use a
   foreign site, which he hacked into before. *Many* of us faced such
   a ("successful") break last May. The only thing which can help
   is to replace your security companies (two names were mentioned in
   the original message) urgently. I know the guys of Xpert, and they
   seem to be more professional (they are even distributors of
   CheckPoint). Try them.
   Anyway, there may be so many sources for the removing of the logs,
   from so many hackers, in addition to these poor surveyors.

5. I still want to thank ISOC-IL guys for their important alerts.
   Although this alert became false, their efforts are important and
   useful. Don't let this embarrassment weaken your hands.
   (Some of you are real gurus/positive-hackers; next time you can
   check the things directly, and not by relying on dumb's reports).

6. Hank: Please add "ISOC-IL Membership <members@ISOC.ORG.IL>" to
   your alerts. I don't think we have to learn about these issues
   only from Linux-IL.

Sorry for my English...
-- 
Eli Marmor
***************************************************************
 *   ___ _  __ ___  __    _ |__ _ _    marmor@elmar.co.il      *
  *     | | | \   | | \    |  / |\/     El-Mar Software Ltd.    *
   *    | | | _)  | | _)     /  | \      Tel.: 972-50-237338     *
    *    ___________________________      Fax: 972-9-766-1314     *
     *   \_________________________ \      http://www.elmar.co.il  *
      *    _________  __  ____     \ \____  __    _                 *
       *   \_______ \ \_\|  _ \  __ \____ \ \ \  | |                 *
        *          \ \   | | \ \ \_\     \ \ \ \ | |                *
         *          \ \  | | _\ \         ) ) \ \ \_\_             *
          *          \ \ |_| \___)       (_/   \_\  \_\           *
           *          \ \_______________________________         *
            *          \________________________________\       *
             *                                                 *
              *************************************************