[Dshield] subnets, labrea, and sunrpc

John Sage jsage at finchhaven.com
Sun Mar 24 21:22:11 GMT 2002

Although I think it's utterly pointless to respond to "Susan", as she
still hasn't learned how to reply to a thread, and doesn't seem to be
paying any attention to the information people are _trying_ to offer
her, somehow I can't resist a thought or two.

Call me a masochist, if you will.

On Sun, Mar 24, 2002 at 01:07:23PM -0600, James wrote:
> Susan,


> >Well I had to tighten this computer up first anyway, that was my first 
> >linux install and though pretty it wasn't real secure. Had to start 
> >somewhere...I fixed it hopefully, definitely it's tighter now... after 
> >noticing things I attempted to download were also disappearing to never 
> >never land I got the hint... sunrpc connecting to some 216.xxx (a google 
> >webbot?) address all day... what is sunrpc is probably a much better question.

"...sunrpc connecting to some 216.xxx..."

If this was a connection going _outbound_ she's toast.

Chances are good she's been rooted.

All we can hope is that she has the sense to disconnect her system
from the internet, completely scrape the hard drive clean down to the
metal, and do a full re-install.

Personally, I doubt very much that she has the sense to do this, or
_any_ understanding as to why she might need to.

Let me be real blunt.

This person has no clue.

She's a danger to all (as slight or as great a danger as a rooted box
might be..), now that she's been compromised.

I personally see no indication that, after all the posts she's made to
the list (and I think that by sheer volume she may have outnumbered
almost everyone else..) she's picked up even the slightest knowledge.

Personally, I've > /dev/null'ed all her posts.

> >Something got in here hard the other night so I started over. After the 
> >desktop starts shaking... well I am sure you know the rest. It took them 
> >about 4 weeks this time though, as opposed to 20-48 hours on my windows 
> >machines. At least that's something. And that was a standard RH 7.2 
> >install with very little or no tweaking.

"...something got in here real hard the other night..."

Are you kidding me?

"...a standard RH 7.2 install with very little or no tweaking..."?

Oh, good. A known recipe for disaster.

It took 4 weeks this time?


It may have taken her 4 weeks to _realize_ she'd been had...

- John
The weirdest thing about Window$ is that it's so opaque

ps: Johannes: go ahead and reject this post, too. It may be harsh, but
somebody's got to say it.

