
Re: Just getting security paranoid



They probably scan packetstorm on a daily basis (ever
since rootshell stopped updating, they re-discovered
ps it seems :), browse through BugTraq for l33t new 'xploits, and
cruise NTBugTraq as well.

I suppose the average script kiddie likes to use automated tools
(read: no-brainers), so it's a good idea to have your logs
scanned for such common things (for instance, /etc/shadow
as part of a URL in your httpd logs - I see tons of those).

Seems like the latest craze is TFN and Trinoo (or Trin00 if
you're c00l), and other such distributed attack tools. But
you might be kind of defenseless unless it is your own
network used to attack you.

Actually TFN is a pretty cool idea.

Ilya Konstantinov wrote:
> 
> While I never declared myself a security expert :), I've seen
> a security expert who secured his machine by changing his /etc/issue
> message to print some nonexistent Linux distro name. I doubt he knows
> much about ipchains, capabilities, and such, but - dunno - I'm not too
> much into the hax0rs scene, so, could it be that his strategy is in fact
> better than mine? Could it be that setting traps to address the average
> hacker is actually better than doing stuff The Right Way?
> Anyone knows the hacking/kiddies world a little better? What do they
> look for? Where do they usually update from?
> 
> --
> Best regards,
> Ilya Konstantinov a.k.a Toastie
> [http://toast.demon.co.il]

-- 
/---------------  Omer Efraim, omere@tcmail.tau.ac.il ------------------\
[   Microsoft Vaccine 2000 is configuring your immune system. This may  ]
[ take a few minutes. If your body stops responding for a long time and ]
[ there is no brain activity please die. Setup will continue after you  ]
[                            are reborn.                                ] 
\-----------------------------------------------------------------------/
 - Quoting Buzh, asr
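
The log check suggested in the message above (looking for /etc/shadow inside request URLs), written out as an added example that is not part of the original post. The Apache common/combined log format, the extra /etc/passwd pattern and the sample lines are assumptions made for the illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Client IP, request URL and status from an Apache common/combined log line (assumed format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<url>\S+)[^"]*" (?P<status>\d{3})')

# /etc/shadow comes from the message above; /etc/passwd is an added assumption.
SENSITIVE = ("/etc/shadow", "/etc/passwd")

def normalize(url, max_rounds=3):
    """Undo nested percent-encoding and collapse repeated slashes, so that
    %2Fetc%2Fshadow, %252Fetc%252Fshadow and /etc//shadow all match."""
    for _ in range(max_rounds):
        decoded = unquote(url)
        if decoded == url:
            break
        url = decoded
    return re.sub(r"/+", "/", url.replace("\\", "/").lower())

def scan(lines):
    """Return (hits, per_ip); hits is a list of (ip, status, matched_path)."""
    hits, per_ip = [], Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line; skip rather than guess
        url = normalize(m.group("url"))
        for path in SENSITIVE:
            if path in url:
                hits.append((m.group("ip"), int(m.group("status")), path))
                per_ip[m.group("ip")] += 1
                break
    return hits, per_ip

# Constructed sample lines using documentation IP ranges, not real log data.
SAMPLE = [
    '192.0.2.10 - - [10/Jan/2000:10:00:01 +0200] "GET /index.html HTTP/1.0" 200 1043',
    '198.51.100.7 - - [10/Jan/2000:10:00:05 +0200] "GET /cgi-bin/view?file=../../etc/shadow HTTP/1.0" 404 210',
    '198.51.100.7 - - [10/Jan/2000:10:00:06 +0200] "GET /cgi-bin/view?file=%2e%2e%2f%2e%2e%2fetc%2fshadow HTTP/1.0" 404 210',
    '203.0.113.5 - - [10/Jan/2000:10:02:11 +0200] "GET /docs//%252e%252e/etc%252Fpasswd HTTP/1.0" 200 812',
]

if __name__ == "__main__":
    for ip, status, path in scan(SAMPLE)[0]:
        note = "  <-- answered 200, check what was served" if status == 200 else ""
        print(f"{ip} requested {path} (HTTP {status}){note}")
```

A plain grep for the literal string would miss the two percent-encoded requests in the sample; decoding before matching is what catches them.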
