Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Any interesting admin stories?

2 views
Skip to first unread message

Sparky

unread,
Aug 23, 2001, 10:50:57 PM8/23/01
to
Post your stories here like people you've caught doing bad things and other
cool stuff that a personal network admin would not have heard of.

--
Morgan Ramsay
Founder & CEO
Sonic Expansion Networks


Ken Hagan

unread,
Aug 24, 2001, 4:53:24 AM8/24/01
to
I think you'll find that people here prefer a high S/N, and
would consider such postings off-topic. Perhaps one of the
alt.* groups carries this material.

There is an alt.cracks group which might be what you want.
(I don't know. I've never read it. It could be all about
coccaine for all I know.)

"Sparky" <spark...@home.com> wrote...

bomba

unread,
Aug 24, 2001, 8:28:13 AM8/24/01
to
"Ken Hagan" <K.H...@thermoteknix.co.uk> wrote in message
news:newscache$fzdkig$dxh$1...@firewall.thermoteknix.co.uk...

> "Sparky" <spark...@home.com> wrote...
> > Post your stories here like people you've caught doing bad
> > things and other cool stuff that a personal network admin
> > would not have heard of.

Like most network admins haven't caught people "doing bad things". It's
part of the job - I'm sure most wouldn't be interested if I posted that I
caught a guy with a port sniffer on our network today.

>
> I think you'll find that people here prefer a high S/N, and
> would consider such postings off-topic. Perhaps one of the
> alt.* groups carries this material.

Agreed, it probably is off topic, unless it's of relevance to other admins.
The group deals with the more technical aspects of security, not funny
stories.

>
> There is an alt.cracks group which might be what you want.
> (I don't know. I've never read it. It could be all about
> coccaine for all I know.)
>

alt.cracks is for serial no.s and codes for licenced software - not really
relevant. alt.hacker might be interested as it's mostly full of grey-hat
sys admins, but I think it would really have to be interesting to stop you
from coming out char-grilled.

bomba

--
When I wake up in the morning, I just can't get started until I've had that
first, piping hot pot of coffee. Oh, I've tried other enemas... - Emo
Philips

H C

unread,
Aug 24, 2001, 9:46:08 AM8/24/01
to

> Like most network admins haven't caught people "doing bad things". It's
> part of the job - I'm sure most wouldn't be interested if I posted that I
> caught a guy with a port sniffer on our network today.

To be honest, I know very few NT/2K admins who have the skills to capture
all but the most obvious "people doing bad things". Very few infrastructures
are configured to prevent or detect such things. Look, even in this group, at
some
of the questions posted. It was earlier this week that someone posted log
files
showing a variation of the poisonbox worm, and asked "what is this??" Lately,
folks have been posting just about everything under the sun, claiming that it's

Code Red. Just a couple of weeks ago, there was a thread in this group...some
guy
presented a problem, and said he didn't have IIS installed. Then he came back
a
couple of days later and said he did. How do you NOT know that?

If you want something interesting to read, take a look at JD Glaser's BlackHat
presentation from Singapore, 2000. Also, I had an article on incident response

tools published on the SecurityFocus (Focus-MS) web site recently, that may
be useful.

> Agreed, it probably is off topic, unless it's of relevance to other admins.
> The group deals with the more technical aspects of security, not funny
> stories.

That may be the case, but addressing methodologies, tools and techniques can
be much more than a "funny story". If the author chooses to write about what
happened, and what steps were taken, and avoids profanity, etc., I think that
such things might benefit others.


> alt.cracks is for serial no.s and codes for licenced software - not really
> relevant. alt.hacker might be interested as it's mostly full of grey-hat
> sys admins, but I think it would really have to be interesting to stop you
> from coming out char-grilled.

Most of those groups under alt.hackers.* and related ones (alt.2600, etc) have
a very, very low SNR.

bomba

unread,
Aug 24, 2001, 12:25:01 PM8/24/01
to
"H C" <carv...@patriot.net> wrote in message
news:3B865AA0...@patriot.net...

> To be honest, I know very few NT/2K admins who have the skills to capture
> all but the most obvious "people doing bad things". Very few
infrastructures
> are configured to prevent or detect such things. Look, even in this
group, at
> some
> of the questions posted. It was earlier this week that someone posted log
> files
> showing a variation of the poisonbox worm, and asked "what is this??"
Lately,
> folks have been posting just about everything under the sun, claiming that
it's
>
> Code Red. Just a couple of weeks ago, there was a thread in this
group...some
> guy
> presented a problem, and said he didn't have IIS installed. Then he came
back
> a
> couple of days later and said he did. How do you NOT know that?

I'm fully aware of the type of reactive admins who populate this NG.

>
> If you want something interesting to read, take a look at JD Glaser's
BlackHat
> presentation from Singapore, 2000. Also, I had an article on incident
response
>
> tools published on the SecurityFocus (Focus-MS) web site recently, that
may
> be useful.

Just found it - I shall be reading it over the weekend.

>
> > Agreed, it probably is off topic, unless it's of relevance to other
admins.
> > The group deals with the more technical aspects of security, not funny
> > stories.
>
> That may be the case, but addressing methodologies, tools and techniques
can
> be much more than a "funny story". If the author chooses to write about
what
> happened, and what steps were taken, and avoids profanity, etc., I think
that
> such things might benefit others.

As I said, "unless it's of relevance to other admins"...

>
>
> > alt.cracks is for serial no.s and codes for licenced software - not
really
> > relevant. alt.hacker might be interested as it's mostly full of
grey-hat
> > sys admins, but I think it would really have to be interesting to stop
you
> > from coming out char-grilled.
>
> Most of those groups under alt.hackers.* and related ones (alt.2600, etc)
have
> a very, very low SNR.

SNR?

H C

unread,
Aug 24, 2001, 1:53:32 PM8/24/01
to
> As I said, "unless it's of relevance to other admins"...

And I would agree. But an event looses it's relevance when the author doesn't
know how to draft a post with relevant information in it.

> SNR?

Sorry. Signal-to-noise ratio.

bomba

unread,
Aug 27, 2001, 4:37:30 AM8/27/01
to
"H C" <carv...@patriot.net> wrote in message
news:3B86949C...@patriot.net...

> > As I said, "unless it's of relevance to other admins"...
>
> And I would agree. But an event looses it's relevance when the author
doesn't
> know how to draft a post with relevant information in it.
>

Hmm. If an author posts something without all the relevant info, you can
take it back to them, and possibly make them think if they haven't gone
through a step already. There's something kind of satisfying about talking
an admin through a problem, and eventually the post will cover most, if not
all, of the relevant points.

> > SNR?
>
> Sorry. Signal-to-noise ratio.
>

Thought so, but thought I'd check. So your point being that there's not a
huge amount of "hacking" going on in those NGs? Well, I only hang out in
alt.hacker, and it's much less to do with the common perception of a
"hacker" who breaks in to things, and more to do with the original meaning
of people who create things. If you reference to stuff in there that is
illegal, you will get flamed, however, on the whole, it is a very
interesting group, and there is a huge amount of knowledge in there.

BTW, I read your article on incident response tools, and it was very
interesting. And, as I expected, a heavy amount of referencing to your
favourite coding language :)

bomba

--
Crack M$ Office XP - Get Laid!
www.microsoft.com/switzerland/de/officexp/library/images/30sekdt01.mpeg
[http://althacker.org/~savant/Get_Laid.jpg] - Currently offline

0 new messages