Re: [hzo@goldfish.cube.net: "Hack attack" is no hack but a survey about operating systems]
Hello
1. From looking at the logs of my servers, I came to the conclusion
that the guy is right. I found the packets from that host quickly,
and they look innocent, at least relative to *MANY* real
attacks from other sites which are done almost daily.
2. We know Alex Khalil from our list (Linux-IL), and it seems that
he is not the one to join the Hizbullah in order to attack Israeli
sites :-)
3. I know the survey since its early days (at least 2 months) and I
really admire it. It is an important tool. Since I believe that
their next step is to add a database to their site, so you will
have the option to get statistics for specific areas or regular
expressions (e.g. "*.co.il"), it will be very sad that ".il" will
be removed. I call ISOC-IL to ask them to continue to include us
in their survey.
4. If logs were removed, then there WERE attacks anyway. As I
mentioned above, I face these attacks almost daily. Usually, the
source address does not have much to do with it, since the hackers
don't use their real address in the field of the source IP. Even
in cases that the hacker needs the returning packet, he will use a
foreign site, which he hacked into before. *Many* of us faced such
a ("successful") break last May. The only thing which can help
is to replace your security companies (two names were mentioned in
the original message) urgently. I know the guys of Xpert, and they
seem to be more professional (they are even distributors of
CheckPoint). Try them.
Anyway, there may be so many sources for the removal of the logs,
from so many hackers, in addition to these poor surveyors.
5. I still want to thank ISOC-IL guys for their important alerts.
Although this alert became false, their efforts are important and
useful. Don't let this embarrassment weaken your hands.
(Some of you are real gurus/positive-hackers; next time you can
check the things directly, and not by relying on dumb's reports).
6. Hank: Please add "ISOC-IL Membership <members@ISOC.ORG.IL>" to
your alerts. I don't think we have to learn about these issues
only from Linux-IL.
Sorry for my English...
--
Eli Marmor
***************************************************************
* ___ _ __ ___ __ _ |__ _ _ marmor@elmar.co.il *
* | | | \ | | \ | / |\/ El-Mar Software Ltd. *
* | | | _) | | _) / | \ Tel.: 972-50-237338 *
* ___________________________ Fax: 972-9-766-1314 *
* \_________________________ \ http://www.elmar.co.il *
* _________ __ ____ \ \____ __ _ *
* \_______ \ \_\| _ \ __ \____ \ \ \ | | *
* \ \ | | \ \ \_\ \ \ \ \ | | *
* \ \ | | _\ \ ) ) \ \ \_\_ *
* \ \ |_| \___) (_/ \_\ \_\ *
* \ \_______________________________ *
* \________________________________\ *
* *
*************************************************