ToastGodSupreme Posted June 20, 2003 (edited)

I run a private FTP on my server (one of my server's functions). Basically, I keep a running log for roughly a week. Well, when I get bored, I go through my logs and check ip addys and whatnot and see if I see any unrecognized ones. Granted, I have a dynamic IP addy, so maybe some of these people hitting me are just lost users looking for the old owner of this IP.

So what I like to do is fire up a program I have and try to do a null session connection to these people and see what info I can dig up (I mostly do this out of boredom, I've actually never done it to try and actually gain access to a computer {at least one that wasn't my own}). Typically, most cases result in a cannot connect, or access is denied. That's good. At least these people have some sort of security (either secured through a firewall or NAT or properly secured OS). But then there's the occasional person who is wide open to attacks. And today, I got the worst one I'd ever seen.

A LITTLE EXCERPT FROM THIS ONE MACHINE:
total 20 user accounts, 1 workstation accounts, 1 server accounts, 0 domain trust accounts and 5 unsecure passwords!

Now when I scanned and brute forced them (just a tiny dictionary attack), I used a measly little dictionary file of 30 words. This took roughly 7 minutes total to do and in exchange for that time, well, you can see what I got. Luckily for them, I'm nice enough to track down their email addy and send a notice to their admin about this. That's just sad though.

I suggest to those of you who don't have ports 135-139 secured (NetBIOS) to google RestrictAnonymous, and Null Session. There are also other fun ports which you should lock down. Go check out some security sites for more info.

Edited June 21, 2003 by ToastGodSupreme

Hypoxiaicon Posted June 21, 2003

Want to see if you can get anything from my IP?

MxxCon Posted June 21, 2003

"Luckily for them, I'm nice enough to track down their email addy and send a notice to their admin about this (actually found the admin's addy on one of the unsecure drives, go figure"

bad move. :no: if their systems got compromised before, you can be the 1st person to blame.. you accessed private systems for which you had no authorization access for all you know it could've been a honeynet...

Shibby Posted June 21, 2003

yeah but if he did alter something he probably would not have sent em a mail, but people are kind and understanding, maybe the place he got in to would understand what he did, he could have saved em ????