Recently, a password-less demo account was accessed by someone who had no
intention of testing the demo, but rather of messing about with the system.
The access was directly through a modem to a native serial port on an SCO
UNIX box.
The infiltrator erased the .profile, set up a password for him/herself, and
left a .plan file that was the following:
RADD
CORP/TVMS
(Tm)Trademark 1993,1994 RaDD(Tm)Trademark 1993,1994 TvmS All Rights
Reserved Tvms/RaDD Corp -Security SuCks Big One Wiz KID'94 -
Well, I don't think any malicious damage was done, but I do have a record
of most of the commands that were run and mostly the breaker was running
"nohup mail" and getting listings of the file system.
While this doesn't have a lot to do with firewalls, I'm looking for any
relevant comments, and also posting the experience for the benefit of
others who may find it useful.
Mark T. Dornfeld, CYANTIC Systems Voice: (416) 234-9048
101 Subway Crescent Suite 2103 Facsimile: (416) 234-0477
Etobicoke, Ontario, M9B 6K4 CANADA Email: mark@cyantic.com
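The entry point in the incident above was an account with no password at all. As an added example (not part of the original post, and not code from the poster or from SCO), the following POSIX shell script finds such accounts in passwd-format data by looking for an empty second field. The sample passwd lines are constructed for offline demonstration; on a system that keeps hashes in a separate shadow file, the same field check must be run against that file instead, since the passwd file will then show a placeholder rather than an empty field.

```shell
#!/bin/sh
# Added example, not from the original post: report accounts whose
# password field is empty, i.e. accounts that can be entered with no
# password at all, like the demo account described in the incident.

# Constructed sample passwd lines for offline demonstration (not real data).
SAMPLE_PASSWD=$(cat <<'EOF'
root:x:0:0:root:/:/bin/sh
demo::200:50:Demo account:/usr/demo:/bin/sh
guest:*:201:50:Disabled guest:/usr/guest:/bin/sh
mark:x:202:50:Mark:/usr/mark:/bin/sh
EOF
)

# Print the login names of accounts whose second (password) field is empty.
# $1: passwd-format text, one account per line.
find_passwordless() {
    printf '%s\n' "$1" | awk -F: '$2 == "" { print $1 }'
}

# Print a report and return 1 when any password-less account exists, so the
# check can be run from cron or a login audit and the exit status acted on.
report_passwordless() {
    hits=$(find_passwordless "$1")
    if [ -n "$hits" ]; then
        echo "Accounts with an empty password field:"
        for name in $hits; do
            echo "  $name"
        done
        return 1
    fi
    echo "No password-less accounts found."
    return 0
}

# Stand-alone run against the constructed sample; a real audit would pass
# the contents of the system's passwd (or shadow) file here instead.
report_passwordless "$SAMPLE_PASSWD" || true
```

On the sample data the script lists only `demo`; `guest` is skipped because a `*` in the password field locks the account rather than leaving it open.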