Just being a annoying tech!

**chris-harry** · 09-29-2005, 09:01 AM

hehe *evil laugh*...

so... i better get meself a network... hahaha

**Cuddles** · 09-29-2005, 04:08 PM

Originally Posted by chris-harry

hehe *evil laugh*...

so... i better get meself a network... hahaha

chris-harry,

Actually, having a network, and the ability to "remotely login" to it, has unlimited possibilities of fun... From the simple, playing network games, to the prankster, being able to fire off stuff that the user of that system is not aware of or starts. ( of course, you can do extreme good with this ability, like, blow away runaway processes that the user cant get to, or to regain display, tinker with startups without the user "looming over your shoulder", and the like.

Ms. Cuddles

**chris-harry** · 10-01-2005, 05:37 AM

doing good??? confusing... (joke joke)...

i must learn all these things

**jjmac** · 10-05-2005, 12:10 PM

>>
i must learn all these things
>>

oh dear eek
oh dear eeeeek

**chris-harry** · 10-05-2005, 11:11 PM

dont you mean

"AAAAAAAAAAAAARRRRRRRRRRGH!!! RUN FOR YOUR LIFES!!! EEEEEEEEEEEEEEEEEKKKKKKK!!!!"

**OErjan** · 10-06-2005, 05:33 PM

remotely login, something like:
ssh username@ip.nu.mb.er
or
ssh username@whateveryouhaveforhost
should work, provifing you have sshd running on the remote system AND a valid account there.
for more
search this forum. here is a sample of what i found
ttp://www.knoppix.net/forum/viewtopic.php?t=8740&highlight=ssh
http://www.knoppix.net/forum/viewtop...&highlight=ssh
http://www.knoppix.net/forum/viewtop...&highlight=ssh
EDIT there are ways of getting access to some computers without an acount. just so you know, security is important, and neglect is asking for trouble./EDIT

**Cuddles** · 10-07-2005, 03:16 PM

OErjan,

I used the man pages for ssh, and though this is more complex, in some ways, it can only be done, if both systems ( the "client" and "server" ) have the "key"...

ssh [ip address]

The man pages show you have to generate the correct "keys", where, and what, they are placed, and even how, to generate these keys. But, what it all comes down to is... You can gain access, either by user, or root, to another system, but, you still have to be able to get to that system in the first place, even to set all of this up.

Fyi,
Ms. Cuddles

**OErjan** · 10-07-2005, 05:08 PM

I was talking about that there are vulnerabilities in a few older versions (perhaps if we are unlucky current aswell) that can give acess to a system without an account by sending certain strings to the ipnumber on port22, just so you know.

**jjmac** · 10-10-2005, 10:42 AM

chris-harry wrote:
>>
dont you mean

"AAAAAAAAAAAAARRRRRRRRRRGH!!! RUN FOR YOUR LIFES!!! EEEEEEEEEEEEEEEEEKKKKKKK!!!!"
>>

hehehe .. yes, ... kinda (grin)

Just on the ssh access mentioned ...

I recently installed sarge, and am now running that. It appeares though that a sshd starts up auto at boot. Which didn't happen in woody (modified heaps). as it appears to be listening on port 22, i have noticed the occasional packet coming in on that port.

port 23 (telnet) gets the occasional touch as well.

I only know this thanks to the "logwatch" dpkg that i installed. I have a faily good iptables firewall setup which drops anything unestablished or unsyn, and then logs to syslog/kern.log.

So ... the logwatch facility has been extracting that info and presenting it via the local mail facility.

Code:

logwatch extract ...

Dropped 72 packets on interface ppp0
   From 24.207.157.140 - 2 packets
      To 203.58.186.120 - 2 packets
         Service: 15118 (tcp/15118) (FW_LASTDROP:,ppp0,none) - 2 packets
   From 61.155.9.171 - 1 packet
      To 203.58.186.120 - 1 packet
         Service: ssh (tcp/22) (FW_LASTDROP:,ppp0,none) - 1 packet
   From 64.62.190.36 - 36 packets
      To 203.58.186.120 - 36 packets
         Service: telnet (tcp/23) (FW_LASTDROP:,ppp0,none) - 8 packets
         Service: www (tcp/80) (FW_LASTDROP:,ppp0,none) - 8 packets
         Service: socks (tcp/1080) (FW_LASTDROP:,ppp0,none) - 8 packets
         Service: 3128 (tcp/3128) (FW_LASTDROP:,ppp0,none) - 4 packets
         Service: 6588 (tcp/6588) (FW_LASTDROP:,ppp0,none) - 4 packets
         Service: webcache (tcp/8080) (FW_LASTDROP:,ppp0,none) - 4 packets
   From 83.245.15.238 - 3 packets

etc

As you can see i label my DROP target as "FW_LASTDROP".

I'll have to look into my "snort" setup and possible configure some alet for those.

Point i'm trying to make though is, that even though they are being logged and dropped ... i havn/t noticed because i haven't had time to trawl through my syslog/kern.log files. Or run an extraction program iv'e got for those (manual run).

I don't need any external ssh listening so i'll have to turn it off, and get rid of my telnet program as well.

But if it wasn't installing "logwatch", albeit accidently

, i wouldn't have known !.

It does pay to be diligent i think, hmmmmmmmm.

The only other stuff i get is the usuall net-bios ping rubbish from my local IP, the somewhat irritating "ICMP PING CyberKit 2.2 Windows" pings, the occasional MS-SQL Worml probe ... always from the same general loci "chinas telecom" (grin), hmmmm

Last year was mayhem though. Total ping wars everywhere.

jm

**chris-harry** · 10-11-2005, 10:31 AM

until me main computer gets fixed... i wont be able to play with me kernal or iptables or anything... so... i have time to read up on all this... any good info anywhere???