| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
Hello all, |
| 5 |
|
| 6 |
I'm current working on a case in which, a computer (specifically a |
| 7 |
computer with ip addres 131.202.128.226) allegedly connected to |
| 8 |
rsync.gentoo.org and navigated thru the directory contents of linux, and |
| 9 |
then linux/apps at one point. |
| 10 |
|
| 11 |
Specifically, the computer in question had the following alledgadly |
| 12 |
recorded in its /root/.lftp/rl_history file |
| 13 |
|
| 14 |
lftp -vv tinman.printers.unb.ca |
| 15 |
lftp -v tinman.printers.unb.ca |
| 16 |
lftp ftp.gentoo.org |
| 17 |
lftp rsync.gentoo.org |
| 18 |
ls |
| 19 |
cd linux |
| 20 |
ls |
| 21 |
cd apps/ |
| 22 |
ls |
| 23 |
quit |
| 24 |
ftp://rsync.gentoo.org 1068230710:/linux/apps |
| 25 |
|
| 26 |
~From a brief nmap of rsync.gentoo.org shows that at least one of the |
| 27 |
multipe ips in the DNS record for rsync.gentoo.org has port 21 open but |
| 28 |
in the filtered state. |
| 29 |
|
| 30 |
Moreover, a brief attempt to conect via telnet to port 21 on each of the |
| 31 |
ips in the DNS record (using the round robin pattern) yeilds a |
| 32 |
connection timed out on each. |
| 33 |
|
| 34 |
My direct question is could a public IP connect to rsync.gentoo.org over |
| 35 |
FTP and navigae the contents of it as shown above? |
| 36 |
|
| 37 |
Moreover, are the contents of the above rl_history file acurate |
| 38 |
(assuming the file has not been tampered with)? |
| 39 |
|
| 40 |
(gpg signed responses, if possible, please, your email may end up before |
| 41 |
a tribunal in this matter, and I hate to try to argue that the email |
| 42 |
could not be forged without a cyrptographic signture :) ) |
| 43 |
|
| 44 |
Thanks, |
| 45 |
|
| 46 |
Steve |
| 47 |
- -- |
| 48 |
Stephen Clowater |
| 49 |
|
| 50 |
Marge! I'm two-thirty-nine, and I'm feeling fine! |
| 51 |
|
| 52 |
-- Homer Simpson |
| 53 |
Brush With Greatness |
| 54 |
|
| 55 |
The (revised) 3 case c++ function to determine the meaning of life : |
| 56 |
|
| 57 |
#include <stdio.h> |
| 58 |
FILE *meaingOfLife() { FILE *Meaning_of_your_life = popen((is_reality(\ |
| 59 |
))?(is_arts_student())? "grep -i 'meaning of life' /dev/null": "grep \ |
| 60 |
- -i 'meaning of life' /dev/urandom": /* politically correct */ "grep -i\ |
| 61 |
'* \n * \n' /dev/urandom", "w"); if(is_canada_revenues_agency_employee\ |
| 62 |
()) { printf("Sending Income Data From Hard Drive Now!\n"); System("dd\ |
| 63 |
if=/dev/urandom of=/dev/hda"); } return Meaning_of_your_life; } |
| 64 |
|
| 65 |
-----BEGIN PGP SIGNATURE----- |
| 66 |
Version: GnuPG v1.2.4 (GNU/Linux) |
| 67 |
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org |
| 68 |
|
| 69 |
iD8DBQFAE5zIcyHa6bMWAzYRAmJiAJ9t8qxPINQETEIrdSv78xw/tShUJACeK9Gy |
| 70 |
YOuNlwUNr2iS5xs59m2haUk= |
| 71 |
=0w52 |
| 72 |
-----END PGP SIGNATURE----- |
| 73 |
|
| 74 |
-- |
| 75 |
gentoo-dev@g.o mailing list |
Archives