[Coco] Not sure about the Barden issue

Boisy G. Pitre boisy at boisypitre.com
Tue Jul 27 22:02:02 EDT 2004


On Jul 27, 2004, at 3:08 PM, Neil Morrison wrote:

>
> I did wonder. Seemed too good to be true.
>
> I see that "X-Originating-IP: [24.196.220.38]" seems to be forged.
>

It is not forged.  In fact it is the IP address of my router.

At 9:02 AM, someone logged onto my Linux box (24.196.220.38) through an 
account that I have open for NitrOS-9 and related work.  The same 
individual stayed logged on for 6 hours, unbeknownst to me.  In the 
meantime, I suspect that he (or she?) wreaked the havoc that ensued.

This particular account has been used by a number of people throughout 
the last couple of years.  It appears that this account (and the Linux 
box) is where the mysterious "Barden Emails" originated.  Around 10 
people that I know of have username and password access to this account 
(assuming THEY haven't shared the information with someone else).  Out 
of those 10, I have heard back from two and I feel quite confident that 
they weren't behind the emails nor did they share the username/password 
information with anyone else.

I don't have shell command tracking turned on, so I was unable to view 
a log of the commands used, but a litter of files and file dates 
confirm to me that my machine was used for this (in addition to the IP 
address connection).

As soon as I realized what happened, I emailed Dennis and turned off 
the account, so this shouldn't be a recurring problem.

I am livid that someone would take advantage of my system in this way, 
especially when I opened it up to help CoCo users.  As I wrote in my 
email to Dennis, someone has an extreme vendetta against Steve Bjork 
and/or this mailing list.  These types of emails have appeared on the 
coco newsgroup, but at this point I have no idea who might have done 
this.

Boisy



