[Coco] Not sure about the Barden issue
Boisy G. Pitre
boisy at boisypitre.com
Tue Jul 27 22:02:02 EDT 2004
On Jul 27, 2004, at 3:08 PM, Neil Morrison wrote:
>
> I did wonder. Seemed too good to be true.
>
> I see that "X-Originating-IP: [24.196.220.38]" seems to be forged.
>
It is not forged. In fact it is the IP address of my router.

At 9:02 AM, someone logged onto my Linux box (24.196.220.38) through an
account that I have open for NitrOS-9 and related work. The same
individual stayed logged on for 6 hours, unbeknownst to me. In the
meantime, I suspect that he (or she?) wreaked the havoc that ensued.

This particular account has been used by a number of people throughout
the last couple of years. It appears that this account (and the Linux
box) is where the mysterious "Barden Emails" originated. Around 10
people that I know of have username and password access to this account
(assuming THEY haven't shared the information with someone else). Out
of those 10, I have heard back from two and I feel quite confident that
they weren't behind the emails nor did they share the username/password
information with anyone else.

I don't have shell command tracking turned on, so I was unable to view
a log of the commands used, but a litter of files and file dates
confirm to me that my machine was used for this (in addition to the IP
address connection).

As soon as I realized what happened, I emailed Dennis and turned off
the account, so this shouldn't be a recurring problem.

I am livid that someone would take advantage of my system in this way,
especially when I opened it up to help CoCo users. As I wrote in my
email to Dennis, someone has an extreme vendetta against Steve Bjork
and/or this mailing list. These types of emails have appeared on the
coco newsgroup, but at this point I have no idea who might have done
this.

Boisy