[H-GEN] E Smith Hacked

Tony Bilbrough mtbilbro at bigpond.net.au
Sun Jun 16 23:59:25 EDT 2002


[ Humbug *General* list - semi-serious discussions about Humbug and     ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]

G'day All,
I have been repeatedly warned that E Smith does not have an effective firewall.
But I have not had any problems since February, when it first fired up, so I
never thought too much about it.
A rather cavalier attitude of ‘she'll be right, Mate', I know.
In fact, only last week Hilton Travis suggested I install Smoothwall, and Alan
Harrison even pointed me to the free Lite version, and I thought ‘yep' the very
next project ,,,,,, 
right after I have finished building the Humbug Trolley, oh and perhaps after I
have serviced the Bedford van and...and.....

Anyway, I use the ‘Air Gap policy', turning the Modem off each night, only
leaving it on during the day.
Because
- black hackers only work at night
- I have forgotten the root password, and if I can't get into root, who the hell
else can.
- it will be all right Dear, promise
- I will get a round ‘Tuit' later
You want to add any?

*Anyhow
You can see this massive ignorance is inevitably leading somewhere?

This morning I fired up Crusher [the router/server with the old E Smith 4.1.2
version], and a little while after I was on line I heard its hdd thumping away,
red light full on, and lots of dancing lights coming from the cable modem.

And, I had heard that urgent sound once before, when a hole was accidentally
made in port 25 of my Debian firewall [poor programming], and 180 Mb of
redirecting spam mails got jammed in the system, before the router/server
finally expired, with an overflowing log file problem.
Incidentally, this earned the approbation of Telstra Bigpond and I duly received a
note from them, a bit over a month later, warning me that I may have a security
problem in my network! Ever a prompt service, eh?

*Anyhow
Someone called Yoyo or Yoda has got into the router/server, yesterday June 16 at
3.00 pm and left a little package.
This androgynous, but sentient thing, has changed parts of the E Smith/ Red Hat
program:
I can remember the following as it booted this morning, but don't have a clue
where I would find the info again
- the boot up level changed from 7 down to the more conventional 6
- 3 lines of code added to the boot sequence which I didn't have time to
memorise or copy
and finally
- another computer on the network, running xp, it has had a shortcut added to
the desk top directing Netscape to yahoo.com/r/pp for a ‘direct payment' on
Monday, June 17, at 7 am.

The latter has left me with a rather watery feeling in the groin, so much so
that I just had a quick look under the desk to see if a puddle had formed 
there.

Now, I was wondering if any of you were interested in the attack, or the
programming changes, or wanted to see the hard drive, before I format its
contents and do a reinstall of E Smith?

All this is in haste, as I am now sorting thru ‘bits', to build a box for a
Smoothwall!
Does anyone have a copy of the Lite version I can borrow? I will come over and
pick it up.
And
Will it need 2 NICs like the Router/Server, so that it is sort of daisy chained
- Modem to Firewall to Router/Server to Hub?
Or can it be installed into the E Smith box?

I am reluctant to stay on line longer than necessary to ‘post' this, so I will
only fire up Crusher again later this afternoon for a few minutes, and download
the mail, before switching the modem off once more.
cheers
Tony
-- 
Baggins -- ô¿ô  - (^!^)
I'm not a good example,
.......................just a terrifying warning.
int +61+7  local 3379 1048

