--
Morgan Ramsay
Founder & CEO
Sonic Expansion Networks
There is an alt.cracks group which might be what you want.
(I don't know. I've never read it. It could be all about
coccaine for all I know.)
"Sparky" <spark...@home.com> wrote...
Like most network admins haven't caught people "doing bad things". It's
part of the job - I'm sure most wouldn't be interested if I posted that I
caught a guy with a port sniffer on our network today.
>
> I think you'll find that people here prefer a high S/N, and
> would consider such postings off-topic. Perhaps one of the
> alt.* groups carries this material.
Agreed, it probably is off topic, unless it's of relevance to other admins.
The group deals with the more technical aspects of security, not funny
stories.
>
> There is an alt.cracks group which might be what you want.
> (I don't know. I've never read it. It could be all about
> coccaine for all I know.)
>
alt.cracks is for serial no.s and codes for licenced software - not really
relevant. alt.hacker might be interested as it's mostly full of grey-hat
sys admins, but I think it would really have to be interesting to stop you
from coming out char-grilled.
bomba
--
When I wake up in the morning, I just can't get started until I've had that
first, piping hot pot of coffee. Oh, I've tried other enemas... - Emo
Philips
> Like most network admins haven't caught people "doing bad things". It's
> part of the job - I'm sure most wouldn't be interested if I posted that I
> caught a guy with a port sniffer on our network today.
To be honest, I know very few NT/2K admins who have the skills to capture
all but the most obvious "people doing bad things". Very few infrastructures
are configured to prevent or detect such things. Look, even in this group, at
some
of the questions posted. It was earlier this week that someone posted log
files
showing a variation of the poisonbox worm, and asked "what is this??" Lately,
folks have been posting just about everything under the sun, claiming that it's
Code Red. Just a couple of weeks ago, there was a thread in this group...some
guy
presented a problem, and said he didn't have IIS installed. Then he came back
a
couple of days later and said he did. How do you NOT know that?
If you want something interesting to read, take a look at JD Glaser's BlackHat
presentation from Singapore, 2000. Also, I had an article on incident response
tools published on the SecurityFocus (Focus-MS) web site recently, that may
be useful.
> Agreed, it probably is off topic, unless it's of relevance to other admins.
> The group deals with the more technical aspects of security, not funny
> stories.
That may be the case, but addressing methodologies, tools and techniques can
be much more than a "funny story". If the author chooses to write about what
happened, and what steps were taken, and avoids profanity, etc., I think that
such things might benefit others.
> alt.cracks is for serial no.s and codes for licenced software - not really
> relevant. alt.hacker might be interested as it's mostly full of grey-hat
> sys admins, but I think it would really have to be interesting to stop you
> from coming out char-grilled.
Most of those groups under alt.hackers.* and related ones (alt.2600, etc) have
a very, very low SNR.
I'm fully aware of the type of reactive admins who populate this NG.
>
> If you want something interesting to read, take a look at JD Glaser's
BlackHat
> presentation from Singapore, 2000. Also, I had an article on incident
response
>
> tools published on the SecurityFocus (Focus-MS) web site recently, that
may
> be useful.
Just found it - I shall be reading it over the weekend.
>
> > Agreed, it probably is off topic, unless it's of relevance to other
admins.
> > The group deals with the more technical aspects of security, not funny
> > stories.
>
> That may be the case, but addressing methodologies, tools and techniques
can
> be much more than a "funny story". If the author chooses to write about
what
> happened, and what steps were taken, and avoids profanity, etc., I think
that
> such things might benefit others.
As I said, "unless it's of relevance to other admins"...
>
>
> > alt.cracks is for serial no.s and codes for licenced software - not
really
> > relevant. alt.hacker might be interested as it's mostly full of
grey-hat
> > sys admins, but I think it would really have to be interesting to stop
you
> > from coming out char-grilled.
>
> Most of those groups under alt.hackers.* and related ones (alt.2600, etc)
have
> a very, very low SNR.
SNR?
And I would agree. But an event looses it's relevance when the author doesn't
know how to draft a post with relevant information in it.
> SNR?
Sorry. Signal-to-noise ratio.
Hmm. If an author posts something without all the relevant info, you can
take it back to them, and possibly make them think if they haven't gone
through a step already. There's something kind of satisfying about talking
an admin through a problem, and eventually the post will cover most, if not
all, of the relevant points.
> > SNR?
>
> Sorry. Signal-to-noise ratio.
>
Thought so, but thought I'd check. So your point being that there's not a
huge amount of "hacking" going on in those NGs? Well, I only hang out in
alt.hacker, and it's much less to do with the common perception of a
"hacker" who breaks in to things, and more to do with the original meaning
of people who create things. If you reference to stuff in there that is
illegal, you will get flamed, however, on the whole, it is a very
interesting group, and there is a huge amount of knowledge in there.
BTW, I read your article on incident response tools, and it was very
interesting. And, as I expected, a heavy amount of referencing to your
favourite coding language :)
bomba
--
Crack M$ Office XP - Get Laid!
www.microsoft.com/switzerland/de/officexp/library/images/30sekdt01.mpeg
[http://althacker.org/~savant/Get_Laid.jpg] - Currently offline