
RE: [cobalt-users] IPs related to hackers



>>
>> * could they be getting info on RaQ's from this email list?
>
>This list (and others like it, including support newsgroups) must be a
>goldmine for hackers.
>By monitoring this list, they get a target domain name they can identify as
>very probably running a RAQ of some sort. Even if you don't use a sig, the
>info is likely in the email headers. If you're asking a question, you'll say
>what machine you have - the standard version of all programs that comes on
>those particular machines is public knowledge. All they need to do is test
>those holes, and if you haven't been up-to-date with the patches, they're
>in again. You might even say you're having trouble with version x.x of an
>inet program. If that program has a known exploit, their work is done.

I agree... A couple of steps you can take. They're not foolproof, but why ask
for trouble?

1) make sure IP addresses have your provider's name, not yours, in ARIN
2) use an email address that isn't associated with your RaQ - I finally
found a use for that email address from your ISP, or Hotmail
3) forget advertising yourself on the list w/ sig lines - we already have a
host provider ;-)
4) NEVER give out any info that gives away your IP or domain names, if
possible
5) Host your own site somewhere else - that way your domain name/business
name doesn't show an association to the RaQ
6) If you host a site of your own on your RaQ, disable spidering with
robots.txt to avoid links and info getting into the search engines (other
than what you REALLY want people to know)
7) Use fake names on your domain registration to limit social engineering
8) Instruct your staff about social engineering
9) Keep REALLY current with patches
10) Use log check to your cell phone or pager so you can respond quicker to
an attack attempt
11) Be paranoid - they are obviously really out there (hackers, not aliens).
:)
12) Read lots of books to limit the need to ask other than SPECIFIC
questions on the list
13) Think like a hacker and secure accordingly - i.e. limit shell access,
use firewalls, and such.

I am sure there are others, but those come to mind immediately. I think
about 12), which seems counterproductive to the list but really isn't - I
just think that "gee I have no clue what I am doing, here's my IP" is a
really bad idea.

Have fun.
Rick