On Fri, Oct 01, 1999, Oved Balas wrote about "Break-in attempts to Linux host":
> Hello all,
>
> In the last days I have noticed break in attempts to our Linux host. It is
> very annoying since this time it seems to be someone from Israel. About 6
> months ago a hacker, broke into the same PC and deleted the entire system.
>
> Recently I have learned that the police has the cooperation of the large
> Israeli ISPs and can track down very easily Israeli users according to IP
> and time information.
>...
> Is there someone on the list experiencing similar attempts ?
I have had a similar experience, and the attacker was using a dialin IP
from Internet Zahav, and tried to break into my home pc (running Linux,
of course). This happened about a 6 weeks ago, and although I have the IP
and exact time of breakin attempt, I must admit I didn't do anything
about it. If anyone is interested, I can give him these details.
A note to wannabe crackers out there: don't try to break into pentium
100 machines with 16MB of memory, connected to the internet via dialin
(this was the case of my machine): I could literally *hear* the breakin
attempt to my machine (strange disk thrashing when I wasn't don't anything)!
Not much stealth in that :)
Another note: "know who your neighbors are". If your computer sits in your
ISP on the same segment (using a hub) as other client's computers, and
you send clear-text passwords (e.g., *still* use telnet, non-anonymous ftp,
or non-ssh-tunneled pop3/imap), then you're screwed... If anyone breaks
into a "neighbor" of yours (and usually one of them knows nothing about
security), in 10 minutes they're in your machine too... Moral: don't
use cleartext passwords for shell-enabled accounts. It's possible: I
succeeded in enforcing such a rule in a machine I administer with about 10
users.
Nadav.
--
Nadav Har'El | ###### ######## # | <-- Sorry if
Email: [EMAIL PROTECTED] | # # # | you can't
Department of Mathematics, Technion | # # # | read Hebrew.
Israel Institute of Technology | ######## # ###### | Nadav. ;)
WWW page: http://harel.org.il/nadav ICQ #13349191
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
