Re: [cobalt-users] how do the hackers find your Raq?

["Arsalan Mahmud" <arsalan@xxxxxxxxxxxx>]

What we have seen is that people scan the ips of well know hosting companies
keeping cobalt farms, that is if they realy are looking for cobalt's. Mostly
they take a cobalt down because they were scanning for a redhat system.

Arsalan Mahmud
Nexus Technologies
http://www.nexus.net.pk
----- Original Message -----
From: "Steve Werby" <steve-lists@xxxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Wednesday, May 23, 2001 8:28 AM
Subject: Re: [cobalt-users] how do the hackers find your Raq?


> "Dico Reyers" <dico@xxxxxxxxxxxxxxxx> wrote:
> > Perhaps this is a silly question
>
> It's a good question.
>
> > but how do the hackers find your
> > vunerable Raq?  Do they just scan a whole whack of IPs and hope some of
> > them are cobalt machines?
>
> A lot of them scan IP ranges, check for open and ports and check for known
> vulnerabilities.  Once found, the hacker will decide if a machine's worth
> rooting and go about his business.  A lot of them use programs to do the
> scanning and rootkits and instructions to exploit the server and take
> control of it.  And the hacker often has to know little more than how to
> click a mouse and paste text into a shell program.  Fun, eh?  I don't know
> how many are seeking out Cobalt boxes, but it wouldn't be hard to find
them
> if there's a known exploit that affects a Cobalt box.  If you know the
name
> of a hosting company with hundreds of RaQs it's trivial to look up the IP
> blocks it controls and scan them.
>
> --
> Steve Werby
> President, Befriend Internet Services LLC
> http://www.befriend.com/
>
> _______________________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To Subscribe or Unsubscribe, please go to:
> http://list.cobalt.com/mailman/listinfo/cobalt-users
>
>
>