From jericho@dimensional.com Fri Jun 20 23:17:10 1997 Date: Fri, 20 Jun 1997 18:07:08 -0600 (MDT) From: jericho@dimensional.com To: kelly@fsl.noaa.gov Cc: root@sekurity.org Subject: Re: recent publicity about the.art.of.security.org (fwd) >>From kelly@fsl.noaa.govFri Jun 20 19:06:41 1997 >Date: Fri, 20 Jun 1997 10:33:14 -0600 >From: Sean Kelly >To: freebsd-security@FreeBSD.ORG >Subject: Attempt to compromise root >(1) Does this type of attack seem familiar? Is anyone aware of >"sekurity.org" and what their purpose is? Is there someone there to >whom I should complain? (Doubtful, as it appears the reason that ftp >site exists is to provide a repository of cracking code.) Greetings. I am the owner and primary admin of sekurity.org, and do not appreciate your slander, especially on a public mail list. Apparently you are as much the 'idiot' as your hacker friend, in that you are not aware of how things work either. Is there someone you can complain to? Yes. root@sekurity.org would be your first step. If that is not sufficient, you can do a "traceroute" ('man traceroute' if you are unfamiliar with that utility), and find out who my upstream provider is. In my case, it is Dimensional Communications (dimensional.com, dim.com, dimcom.net). David Denny is the primary admin and contact there. Third step would be to contact CERT or anyone else you would like. In any case, CCing letters to root@sekurity.org would be a standard practice since that gives me (or whoever you are complaining about) a chance to respond to your slander. "the.art.of" is a customer machine that is co-located at this POP. The admin of that machine is physically out of town, but checking mail (zen@sekurity.org), so you may contact him there. That machine is not the primary FTP server on this network. "obscure.sekurity.org" is. If you would care to take time to look at the files here, you would see I offer up more security related information than hacking related. And for those unversed in the security field (as you seem to be), hacking information is directly related to security information. What better way to stop an attack than to understand how it works? Aside from that, I offer text files, literature, classical art, music, special interest areas, and a wide variety of other files. Your statement that it is a repository for hacking tools indicates that you either 1) didn't check the site out, 2) didn't know how networks operate and catch the fact that ftp.sekurity.org is aliased to "obscure", not "the.art.of", or 3) were an 'idiot' as you call your attacker. Your wording does NOT say that you think "the.art.of" is the "cracking repository".. it says "sekurity.org" which aliases to my primary server for just about everything. As for our purpose, send a blank letter to info@sekurity.org, finger info@sekurity.org, or mail root and ask what our purpose is. I am very open about the activity here, and am always willing to help out other admins if they have a problem with this network. If you have any further questions about ANYTHING on this server, ANY of my customers, or ANYTHING else security related, I will be more than happy to assist you in whatever way I can. Damien Sorder Network Security Engineer