[wplug] Govt. authority over crack attempts?
Alexandros Papadopoulos
apapadop at cmu.edu
Fri Sep 26 12:01:08 EDT 2003
On Friday 26 September 2003 09:28, Russ Schneider wrote:
> Does anyone else think there should be some sort of government
> authority when it comes to illegal crack attempts of networks?
no
> I mean, it seems that since I set up my new webserver, I get at least
> one "script kiddie" attempt a day on it (see here for a list
> http://www.sugapablo.net/scripts.php ).
>
> What I envision is a central database where sys admins can post the
> IP, date, and script attempted of any attempt to illegally access a
> network. This data can then be used by law-enforcement to issue
> warnings and then fines for inaction to the originating network
> owners.
Think about it. No, really. I'm the bad guy. I instruct 1000 of my bots
to post YOUR name and IP on that database. Whoohoo, you're blasted off
the net. Another scenario would be compromising that database and doing
all sorts of stuff with it. Nice single point of failure for the entire
"trust" model. And that's without even getting into the discussion of
how much trust you should put in the government to safeguard you and
your rights (it hasn't worked very well historically, has it?)
So: No, this would not help. What *would* help, is netizens knowing what
they're doing and protecting themselves accordingly:
[206.210.67.168]
Login Name Tty Idle Login Time Office Office Phone
sugapablo Russ Schneider *:0 Sep 23 12:42 412.403.04 412.521.3891
sugapablo Russ Schneider pts/1 8 Sep 23 12:42 (:0)
sugapablo Russ Schneider *pts/2 Sep 23 12:55 (:0)
sugapablo Russ Schneider *pts/3 44 Sep 23 14:54 (:0)
# rpcinfo -p 206.210.67.168
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 1024 status
100024 1 tcp 1024 status
391002 2 tcp 1280 sgi_fam
$ nc 206.210.67.168 80
HEAD / HTTP/1.0
HTTP/1.1 200 OK
Date: Fri, 26 Sep 2003 14:53:43 GMT
Server: Apache-AdvancedExtranetServer/2.0.47 (Mandrake Linux/1.1mdk) PHP/4.3.1
Accept-Ranges: bytes
X-Powered-By: PHP/4.3.1
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Interesting ports on ipl-67-0168.pppoe.stargate.net (206.210.67.168):
(The 1640 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
79/tcp open finger
80/tcp open http
111/tcp open rpcbind
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
631/tcp open ipp
1024/tcp open kdm
4444/tcp filtered krb524
5432/tcp open postgres
6000/tcp open X11
10000/tcp open snet-sensor-mgmt
17300/tcp filtered kuang2
27374/tcp filtered subseven
Device type: general purpose
Running: Linux 2.4.X|2.5.X
OS details: Linux Kernel 2.4.0 - 2.5.20
Uptime 4.132 days (since Mon Sep 22 07:23:14 2003)
Now, with all this information, many people can do many bad things on
your box. That box seems to be a very easy target, and I wouldn't be
surprised if it has already been compromised (at least your ISP is
protecting you from obvious junk like MS-SQL etc).
What I'm trying to say is:
[0] First, learn how to protect yourself (at the very least turn off all
unnecessary services you're running)
[1] Then, get on the net and start providing services (HTTP/FTP etc)
[2] If problem persists, whine in WPLUG :-)
-A
--
http://andrew.cmu.edu/~apapadop/pub_key.asc
3DAD 8435 DB52 F17B 640F D78C 8260 0CC1 0B75 8265
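
Added example, not part of the original post: one way to act on step [0] is to scan your own host and diff the open ports against the short list of services you actually mean to offer. The sample table is constructed (modelled on the scan above, with a documentation address), and the intended-service set is an assumption.

```python
import re

# One row of an nmap port table: "<port>/<proto> <state> <service>".
ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)$")

# Constructed sample, modelled on the port table in the post.
SAMPLE = """\
Interesting ports on host.example (192.0.2.10):
PORT      STATE    SERVICE
21/tcp    open     ftp
22/tcp    open     ssh
79/tcp    open     finger
80/tcp    open     http
111/tcp   open     rpcbind
135/tcp   filtered msrpc
5432/tcp  open     postgres
6000/tcp  open     X11
"""

# Assumption: the services this host is meant to expose (FTP, SSH, HTTP).
INTENDED = {(21, "tcp"), (22, "tcp"), (80, "tcp")}


def parse_ports(text):
    """Return (port, proto, state, service) tuples from an nmap port table."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return rows


def unexpected_open(text, intended):
    """Open ports whose (port, proto) pair is not in the intended set.

    Matching is on port and protocol, not on the service name: without
    version detection the name is looked up from the port number, which is
    why the scan in the post labels 1024/tcp "kdm" while rpcinfo reports
    "status" on the same port.
    """
    return [r for r in parse_ports(text)
            if r[2] == "open" and (r[0], r[1]) not in intended]


if __name__ == "__main__":
    for port, proto, _state, service in unexpected_open(SAMPLE, INTENDED):
        print(f"review or disable: {port}/{proto} ({service})")
```

Filtered ports are left out because something upstream is already dropping that traffic; everything the function returns is a listener to turn off or bind to localhost.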