Back to article
Foil Wireless Poachers and Have Fun Doing It (Part 2)
Killing and Slaying
January 31, 2007
Last week we learned some fun ways to mess with the minds of wireless freeloaders, and introduced ourselves to some methods for finding out who is on our networks. Today we're going to learn some different ways to kick unwanted visitors off networks, and how to see exactly who is lurking on our airwaves.
Who says computer geeks are mild-mannered, non-violent wimps? Why, we have all manner of violent commands at our fingertips. Like
2 users: (1 local, 0 telnet, 0 ssh, 1 other) load: 0.02, 0.12, 0.12 (init) pinball tty2 -bash (kdm) carla :0 -
Oy, you exclaim! Pinball should not be logged into the fileserver! Pinball should not even have a login account on the fileserver! This is very bad! What shall I do?
First of all, stop panicking. Use the Up/Down arrow keys to navigate to Pinball, then hit Enter. You'll see this:
2 users: (1 local, 0 telnet, 0 ssh, 1 other) load: 0.12, 0.36, 0.29 (init) pinball tty2 6972 - /bin/login -- 6975 `- -bash
Select the line with the lowest process number by using the arrow keys, and hit Ctrl+K to kill Pinball. Then you'll see this:
2 users: (1 local, 0 telnet, 0 ssh, 1 other) load: 0.29, 0.34, 0.28 (init) pinball tty2 User logged out
Ha. Take that, Pinball. The Enter key toggles between the selected user and the list of users. Press F9 to expose the top menus. Obviously you now need to figure out how an unauthorized user was able to log into your server, repair the breach, and look for rootkits or other nasties. You might even need to rebuild the whole system. But at least you found out there was an intruder, which is always a good thing to know.