1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA1 |
3 |
|
4 |
Hello all, |
5 |
|
6 |
I'm current working on a case in which, a computer (specifically a |
7 |
computer with ip addres 131.202.128.226) allegedly connected to |
8 |
rsync.gentoo.org and navigated thru the directory contents of linux, and |
9 |
then linux/apps at one point. |
10 |
|
11 |
Specifically, the computer in question had the following alledgadly |
12 |
recorded in its /root/.lftp/rl_history file |
13 |
|
14 |
lftp -vv tinman.printers.unb.ca |
15 |
lftp -v tinman.printers.unb.ca |
16 |
lftp ftp.gentoo.org |
17 |
lftp rsync.gentoo.org |
18 |
ls |
19 |
cd linux |
20 |
ls |
21 |
cd apps/ |
22 |
ls |
23 |
quit |
24 |
ftp://rsync.gentoo.org 1068230710:/linux/apps |
25 |
|
26 |
~From a brief nmap of rsync.gentoo.org shows that at least one of the |
27 |
multipe ips in the DNS record for rsync.gentoo.org has port 21 open but |
28 |
in the filtered state. |
29 |
|
30 |
Moreover, a brief attempt to conect via telnet to port 21 on each of the |
31 |
ips in the DNS record (using the round robin pattern) yeilds a |
32 |
connection timed out on each. |
33 |
|
34 |
My direct question is could a public IP connect to rsync.gentoo.org over |
35 |
FTP and navigae the contents of it as shown above? |
36 |
|
37 |
Moreover, are the contents of the above rl_history file acurate |
38 |
(assuming the file has not been tampered with)? |
39 |
|
40 |
(gpg signed responses, if possible, please, your email may end up before |
41 |
a tribunal in this matter, and I hate to try to argue that the email |
42 |
could not be forged without a cyrptographic signture :) ) |
43 |
|
44 |
Thanks, |
45 |
|
46 |
Steve |
47 |
- -- |
48 |
Stephen Clowater |
49 |
|
50 |
Marge! I'm two-thirty-nine, and I'm feeling fine! |
51 |
|
52 |
-- Homer Simpson |
53 |
Brush With Greatness |
54 |
|
55 |
The (revised) 3 case c++ function to determine the meaning of life : |
56 |
|
57 |
#include <stdio.h> |
58 |
FILE *meaingOfLife() { FILE *Meaning_of_your_life = popen((is_reality(\ |
59 |
))?(is_arts_student())? "grep -i 'meaning of life' /dev/null": "grep \ |
60 |
- -i 'meaning of life' /dev/urandom": /* politically correct */ "grep -i\ |
61 |
'* \n * \n' /dev/urandom", "w"); if(is_canada_revenues_agency_employee\ |
62 |
()) { printf("Sending Income Data From Hard Drive Now!\n"); System("dd\ |
63 |
if=/dev/urandom of=/dev/hda"); } return Meaning_of_your_life; } |
64 |
|
65 |
-----BEGIN PGP SIGNATURE----- |
66 |
Version: GnuPG v1.2.4 (GNU/Linux) |
67 |
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org |
68 |
|
69 |
iD8DBQFAE5zIcyHa6bMWAzYRAmJiAJ9t8qxPINQETEIrdSv78xw/tShUJACeK9Gy |
70 |
YOuNlwUNr2iS5xs59m2haUk= |
71 |
=0w52 |
72 |
-----END PGP SIGNATURE----- |
73 |
|
74 |
-- |
75 |
gentoo-dev@g.o mailing list |