[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] how do the hackers find your Raq?
- Subject: Re: [cobalt-users] how do the hackers find your Raq?
- From: "John Theriault" <cabal@xxxxxxxxxxx>
- Date: Thu May 24 03:26:33 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
----- Original Message -----
From: "Steve Werby" <steve-lists@xxxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Thursday, May 24, 2001 10:23 AM
Subject: Re: [cobalt-users] how do the hackers find your Raq?
> "Carrie Bartkowiak" <ravencarrie@xxxxxxxx> wrote:
> > The easiest way is to just watch this list and the security list and
> > wait for someone to post their IP or URL and say they've got <insert
>
> Actually, that seems like work! Really, all that someone needs to do is
get
> a program that scans IPs, get the IP ranges of a few server web farms and
> plug them into the program and wait to see what it reports.
>
This is a commonly used method, yes. But there's another trick that's used
as well. Many ISP's will set their routers to block ip and portscans. So
what do the little anklebiters do in this case? Simple.
There are one or two programs (can't remember names) that will take a given
ip range and simply telnet to each port on an ip. They read the returned
info and dump daemon name and version info to a file which the anklebiter
can review at his or her leisure. A much slower method, granted, but just as
effective for their purposes.
J.
--
"Kill -9 'em all, let root@localhost sort 'em out."