 Post subject: Tutorial - Network Intrusions
PostPosted: Tue Mar 07, 2006 7:47 pm
  

Site Admin

Code:
This excellent tutorial is the work of NTSA, who has very kindly consented to the TAZ hosting it.

You can find the original post here:
http://www.antionline.com/showthread.php?s=&threadid=230396

Enjoy!


This is an impromptu tutorial on tracing skiddiots - because I just found one in our logs:

Quote:
ClientHost LogTime Service Machine
-------------------------------------------------------------------------------
199.111.104.201 2002-06-15 17:49:30.000 W3SVC1 NTSA-SERV

ServerIP Target Parameters
----------------------------------------------------------------------------
xxx.xxx.xxx.xxx /scripts/..%5c%5c../winnt/system32/cmd.exe /c+dir


I'm sure we all recognise the cook-book directory traversal exploit attempted here (which failed btw). So it's a kiddiot. Let's take a quick trip to www.samspade.org:

Quote:
Trying whois -h whois.arin.net 199.111.104.201
VERnet (NETBLK-VERNET-CIDR1)
University of Virginia
Academic Computing Center
Gilmer Hall
Charlottesville, VA 22901
US

Netname: NETBLK-VERNET-CIDR1
Netblock: 199.111.0.0 - 199.111.255.255
Maintainer: VER

Coordinator:
Jokl, James A. (JAJ17-ARIN) jaj@VIRGINIA.EDU
(804) 924-0616

Domain System inverse mapping provided by:

UVAARPA.VIRGINIA.EDU 128.143.2.7
JUNO.ACC.VIRGINIA.EDU 128.143.22.119

Record last updated on 05-Apr-1994.
Database last updated on 14-Jun-2002 20:01:02 EDT.


So the kiddiot is (probably) a student at University of Virginia. A nasty letter to the Netblock administrator will mean that's one kiddiot who's in for a nasty shock Monday morning Word Up - and the word was 'busted'.

Quote:
Hi --

You are listed as the admin contact for the Netblock: 199.111.0.0 - 199.111.255.255

University of Virginia
Academic Computing Center
Gilmer Hall
Charlottesville, VA 22901


We monitored an attempted network intrusion from an address in your IP range today (2002-06-15). The attack (which failed) came from IP address 199.111.104.201 at 17:49:30 (GMT). The actual attack attempted was a simple directory traversal exploit against a command line.

I would be grateful if you could take appropriate sanctions against the student involved. Someone obviously considers themselves to be 'l33t' - perhaps you could explain to them that under new US legislation such exploits are classed as terrorism.

Regards,

_________________
Drugs have taught an entire generation of kids the metric system..

TAZ's better half: http://www.theadminzone.com/
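
The log entry quoted in the post was spotted by eye. As an added example (not part of the original post or of NTSA's tutorial), this is one way to flag such requests automatically by decoding the target before matching, so that `%5c` and double-encoded `%255c` variants are both caught. The record layout, the function names and the 192.0.2.x entries are constructed for illustration.

```python
from urllib.parse import unquote
import re

# Constructed sample records (client, log time, target, parameters). The first
# mirrors the entry quoted in the post; the others are made up for contrast.
SAMPLE_LOG = [
    ("199.111.104.201", "2002-06-15 17:49:30", "/scripts/..%5c%5c../winnt/system32/cmd.exe", "/c+dir"),
    ("192.0.2.10", "2002-06-15 17:50:02", "/index.html", ""),
    ("192.0.2.44", "2002-06-15 17:51:17", "/scripts/..%255c../winnt/system32/cmd.exe", "/c+dir"),
    ("192.0.2.10", "2002-06-15 17:52:40", "/docs/v1..2/notes.html", ""),
]

TRAVERSAL = re.compile(r"(^|/)\.\.(/|$)")  # a whole path segment equal to ".."
SHELL = re.compile(r"(^|/)(cmd|command)\.(exe|com)$", re.IGNORECASE)


def normalise(target, max_rounds=5):
    """Percent-decode repeatedly (catches %5c and %255c), then unify slashes."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return re.sub(r"[\\/]+", "/", target)


def classify(target):
    """Return the list of reasons a request target looks hostile (may be empty)."""
    path = normalise(target)
    reasons = []
    if TRAVERSAL.search(path):
        reasons.append("directory traversal")
    if SHELL.search(path):
        reasons.append("command interpreter requested")
    return reasons


def suspicious_clients(records):
    """Map each client IP to the (time, target, reasons) of its flagged requests."""
    hits = {}
    for client, when, target, _params in records:
        reasons = classify(target)
        if reasons:
            hits.setdefault(client, []).append((when, target, reasons))
    return hits


if __name__ == "__main__":
    for client, events in suspicious_clients(SAMPLE_LOG).items():
        print(client, events)
```

The client addresses it returns are what you would then feed into the whois lookup shown in the post.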

