
Re: Break-in attempts to Linux host



Stanislav Malyshev a.k.a Frodo wrote:
> 
> OB>> Recently I have learned that the police has the cooperation of the large
> OB>> Israeli ISPs and can track down very easily Israeli users according to IP
> OB>> and time information.
> OB>>
> OB>> One way to handle these break-in attempts is to go to the police and press
> OB>> criminal charges...They take very seriously these days such complaints.
> 
> Well, as it seems from IP, this one is (possibly) from NMT -
> 
> nmt.co.il
> N.M.T - Communications & Information Routers
> NMT Ltd., 3 Habonim St., Ramat Gan 52462 Israel
> Jonathan Garini, jonathan@nmt.co.il, +972 3 7513333, +972 3 7515858
> 
> At least, tech.nmt.co.il is 192.115.50.34 - pretty close. So did you try
> to write (or even call) the said persons and talk to them? If it's their
> worker and you succeed in interesting the police in it, they may suffer -
> so it might be in their best interest to cooperate.

OK, OK. NMT, Jonathan Garini, hackers, etc., connect this information
with the reports at Kol-Israel yesterday, and the picture will become
clear:

Yesterday, I was surprised to hear a report about hackers in the
headlines (!) of Kol-Israel. It was even reported in those 4 minutes
news in each rounded hour. All the reports quoted Yonatan Garini (a
nice guy who founded this company years ago, before all the hype with
the Internet). He told about thousands of hacked sites "recently", some
of which are Israeli.

The whole story was quite strange. I don't know what is "recently";
if it means "the last month", then "thousands" is not a big deal.
There are millions of sites, so it is normal that 0.1% of them are
broken monthly. Maybe the number was higher this month and this is
the reason for his excitement, but it is strange too - since I didn't
notice anything special.

And this is the place to answer the original question: Did anybody
notice something special?  The clear answer is "no", not because
nobody tried to break into our systems "recently", but because of the
opposite reason: It is done daily. Port scanners, BIND buffer
overflows, phf, IMAP, finger, POP3, spoofing, smurfing, etc. My log
files are full of them. I used to look at them daily, and once I even
complained to system administrators of a university in Scotland (or
Ireland, I don't remember). It was found that their computer was a
victim too, and with my help they located a dial-in account of an
American ISP, and with the help of InterPol the hacker was found. But
I spent too much time so I stopped looking at the logs.

Back to the current story: Finally I understood that NMT reported
this strange story not because there was a real new thing in the last
days (or weeks?), but because this time THEY were hurt, and they are
sure that it is impossible that only they were broken, so it "must"
be a systematic world-wide hacking. The sad truth is that they were
probably hacked, and that their systems were probably migrated by the
hackers to be used as their new base for new attacks.

Conclusions and Summary:
=======================
1. Attacks are done daily, and there is nothing special with them. It
   is the normal life.
2. There was not anything new "recently".
3. NMT was hacked in the last days.
4. If Kol-Israel quotes a person telling that thousands of people
   were murdered recently, maybe I'll believe that this person is not
   among the victims. But this case is different.
5. NMT computers are used now by the anonymous hackers as their new
   base for attacks.
6. The only interesting news about hackers was the details of the PC-
   Week hacking. Linux, Perl, crontab, CGI bugs, SSI, etc. A really
   interesting story. A MUST read for any Linux user. Much more
   interesting than the local boring news.

-- 
Eli Marmor
