
RE: [cobalt-users] how do the hackers find your Raq?



portsentry is too easy to work around with "distributed port scanning" utils
that use a different ip for each port that they scan, thereby not tripping
portsentry.

firewalls are a good idea, even if it's just ipchains on your raq.  there is
a tremendous amount of info to be found out there.  Subscribe to bugtraq, go
to rootshell, etc.

-----
Joey Calvey (jcalvey@xxxxxxxxxxxxxxxxx)
Calvey Internet & Network Systems


-----Original Message-----
From: cobalt-users-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Zeffie
Sent: Wednesday, May 23, 2001 4:32 AM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-users] how do the hackers find your Raq?


 It's a good question.
>
> > but how do the hackers find your
> > vulnerable Raq?  Do they just scan a whole whack of IPs and hope some of
> > them are cobalt machines?
>
> A lot of them scan IP ranges, check for open and ports and check for known

this is why you want to have portsentry installed...  it helps to keep you
off of databases of machine types....

> vulnerabilities.  Once found, the hacker will decide if a machine's worth
> rooting and go about his business.  A lot of them use programs to do the
> scanning and rootkits and instructions to exploit the server and take
> control of it.  And the hacker often has to know little more than how to
> click a mouse and paste text into a shell program.  Fun, eh?  I don't know
> how many are seeking out Cobalt boxes, but it wouldn't be hard to find
> them if there's a known exploit that affects a Cobalt box.  If you know the
> name of a hosting company with hundreds of RaQs it's trivial to look up the
> IP blocks it controls and scan them.
>

I'll add that some/most hackers always run a "sniffer" for passwords and
more access to more machines... and they just keep going...

Some hackers might look for credit card sites to hack and some look for
servers that haven't gotten updates like they should and then they just "cut
and paste" into the machine... and setup the sniffer and maybe start a
scanner for various ip ranges....

on a side note.... this is very bad... especially when that scanner scans
*.gov. Then the fbi shows up in your office one day....  they don't wait for
you to do anything... they just take it...

Zeffie
http://www.zeffie.com/
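
Added example, not part of the original thread: the top reply says a scan that uses a different source IP per port slips past per-source detection. The sketch below counts distinct denied ports per target instead of per source, over constructed log lines shaped like ipchains packet-log entries; the thresholds, function names and the per-source rule are assumptions for illustration and do not reproduce portsentry's own logic.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (documentation addresses): six sources each probe one port
# on 203.0.113.5, plus one unrelated denied packet to 203.0.113.9.
SAMPLE_LOG = """\
May 23 04:32:01 raq kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.11:40001 203.0.113.5:21 L=44 S=0x00 I=101 F=0x0000 T=50 SYN (#3)
May 23 04:32:04 raq kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.12:40002 203.0.113.5:22 L=44 S=0x00 I=102 F=0x0000 T=50 SYN (#3)
May 23 04:32:09 raq kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.13:40003 203.0.113.5:23 L=44 S=0x00 I=103 F=0x0000 T=50 SYN (#3)
May 23 04:32:15 raq kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.7:51000 203.0.113.9:80 L=44 S=0x00 I=900 F=0x0000 T=50 SYN (#3)
May 23 04:32:18 raq kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.14:40004 203.0.113.5:25 L=44 S=0x00 I=104 F=0x0000 T=50 SYN (#3)
May 23 04:32:22 raq kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.15:40005 203.0.113.5:110 L=44 S=0x00 I=105 F=0x0000 T=50 SYN (#3)
May 23 04:32:30 raq kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.16:40006 203.0.113.5:111 L=44 S=0x00 I=106 F=0x0000 T=50 SYN (#3)
"""
LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) .*Packet log: input DENY \S+ PROTO=6 "
    r"([\d.]+):\d+ ([\d.]+):(\d+) ")

def parse(log, year=2001):
    """Return (timestamp, src_ip, dst_ip, dst_port) for each denied TCP packet."""
    hits = (LINE_RE.match(line) for line in log.splitlines())
    return [(datetime.strptime(f"{year} {m[1]}", "%Y %b %d %H:%M:%S"),
             m[2], m[3], int(m[4])) for m in hits if m]

def per_source_alerts(events, min_ports=3):
    """Per-source rule (assumed): flag a source that probes min_ports ports."""
    ports = defaultdict(set)
    for _, src, dst, dport in events:
        ports[(src, dst)].add(dport)
    return sorted(src for (src, _), p in ports.items() if len(p) >= min_ports)

def per_target_alerts(events, min_ports=5, window=timedelta(seconds=60)):
    """Flag a target probed on min_ports distinct ports in window, any source."""
    by_dst = defaultdict(list)
    for ts, src, dst, dport in events:
        by_dst[dst].append((ts, src, dport))
    alerts = {}
    for dst, evs in by_dst.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # slide the window forward
            span = evs[start:end + 1]
            ports = {p for _, _, p in span}
            if len(ports) >= min_ports:
                alerts[dst] = (len(ports), len({s for _, s, _ in span}))
                break
    return alerts  # {target: (distinct ports, distinct sources)}

if __name__ == "__main__":
    print(per_source_alerts(parse(SAMPLE_LOG)), per_target_alerts(parse(SAMPLE_LOG)))
```

A per-target alert cannot be answered by blocking one address, so it is better treated as a signal to review which services the firewall exposes.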

