[ale] My server was shut off

Dan Newcombe Newcombe at mordor.clayton.edu
Thu Aug 10 17:02:26 EDT 2000


On Thu, 10 Aug 2000, Tomas wrote:
> 	Im an Software Development major at Clayton State, and I use a
>linux server at the school to check email, irc and such.  well anyways
>this guy who is in charge of the whole network saw a professor at GT and
>I messing with the server and such.  Both of us have root access and the
>guy just shut down all traffic to the machine.  I can't believe the guy
would do that.

Well, I wish I was in charge of the whole network, but alas, I'm not.
However, network security is part of my job.  In the past, there have been
serveral people who have setup linux machine on campus, and all of them
had been hacked.  Since I am the contact for our domain, this has caused a
bit of annoyance, since all of these hacked machines were in turned used
for either DoS attacks, or other hacks.

So, what did I see - a student, who has a school provided e-mail account,
using a different account for e-mail and web.  Okay...I could have let
that slide, but at the same time, a user with a name that does not
correspond to any names listed in our student records system.  

So, I shut down the e-mail service, figuring that if it was someone who
should not have been using college resources for their own use, they would
probably not complain, and if they had a valid use, we would find out what
the story is.  We also contacted the administrator of the server to find
out what was going on.

Now that we know what is going on, we put things back the way they were.

For the record, I did not shut down all traffic to the machine, but
instead just had the MX records in the DNS point nowhere.

As for "believeing the guy would do that", look at it from my point of
view - every linux machine people have setup has been hacked, and there is
a user on this machine late at night who has no relationship to the
university that could be found.  I was looking out for our network and our
resources - kinda a shoot first, ask questions later.

I apologize if this caused any problems.  

BTW, congrats on the new little one.

	-Dan Newcombe
	

--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.





More information about the Ale mailing list