
Re: Just getting security paranoid



IK>> message to print some nonexistent Linux distro name. I doubt he knows
IK>> much about ipchains, capabilities, and such, but - dunno - I'm not too
IK>> much into the hax0rs scene, so, could it be that his strategy is in fact
IK>> better than mine? Could it be that setting traps to address the average
IK>> hacker is actually better than doing stuff The Right Way?

Well, AFAIK the average script kiddie has a kit. This kit is usually a well-made
set of programs that check your system for various vulnerabilities. It
means nothing which distro is on your /etc/issue if you have a vulnerable
qpopper. If you have, they'll find you and fry you, because they do
nothing intelligent - they just launch robots, which scan IP ranges. If it
doesn't work with you, they move on. That's why so many weird sites, like
the Nowherewille Baseball Club Home Page, end up in the news pages as
"hacker targets" - because they just take the ones that can be broken by the
kit and skip the others.

On the other side, it might be good to put some trap if you want to
identify and catch someone, but most sysadmins have much more to do than
investigate every portscan. You may install a tool like logcheck and maybe
some other abacus tools, which will tell you about "strange" things
happening, and install some integrity control that would watch your files
(like tripwire). This probably would help against an unskilled attacker (I have
no experience with _this_ stage of being attacked, so I cannot say much).

IK>> Anyone knows the hacking/kiddies world a little better? What do they
IK>> look for? Where do they usually update from?

Well, when I was a sort of script kiddie (a long time ago...) I looked in the
same places I do now - Bugtraq (and its NT cousin), rootshell, CERT,
"hacker" conferences and sites, IRC, social engineering, various vendors'
security alerts, and basically everything marked "security".
-- 
frodo@sharat.co.il	\/  There shall be counsels taken
Stanislav Malyshev	/\  Stronger than Morgul-spells
phone +972-3-9316425	/\  		JRRT LotR.
http://sharat.co.il/frodo/	whois:!SM8333
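The integrity control the reply recommends (a tripwire-style baseline of your files, re-checked later to see what changed) as an added example; this is not code from the original post or from the tripwire project. The directory tree, file names and baseline path in the demo are constructed so it runs offline; on a real host the baseline would be kept on read-only media, since an attacker who can rewrite the baseline can hide the changes.

```python
"""Minimal tripwire-style file integrity check (added example, not from the
original post or from the tripwire project).

Builds a baseline of SHA-256 digests plus mode and size for every regular
file under a directory, then re-scans and reports files that were added,
removed or modified. demo() runs the whole cycle on a constructed temporary
tree that imitates a small /etc.
"""
import hashlib
import json
import os
import stat
import tempfile
from pathlib import Path


def _digest(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large files do not fill memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: str) -> dict:
    """Return {relative_path: {"sha256", "mode", "size"}} for every regular file under root."""
    root_p = Path(root)
    baseline = {}
    for dirpath, _dirnames, filenames in os.walk(root_p):
        for name in filenames:
            p = Path(dirpath) / name
            st = p.lstat()
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, devices, sockets: hashing them is meaningless
            rel = str(p.relative_to(root_p))
            baseline[rel] = {
                "sha256": _digest(p),
                "mode": stat.S_IMODE(st.st_mode),  # permission bits only
                "size": st.st_size,
            }
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Classify differences between a stored baseline and a fresh scan."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(
        p for p in set(baseline) & set(current) if baseline[p] != current[p]
    )
    return {"added": added, "removed": removed, "modified": modified}


def save_baseline(baseline: dict, dest: str) -> None:
    Path(dest).write_text(json.dumps(baseline, indent=1, sort_keys=True))


def load_baseline(src: str) -> dict:
    return json.loads(Path(src).read_text())


def demo() -> dict:
    """Constructed scenario: baseline a fake /etc, then simulate a changed
    startup script, a new file and a deleted file, and report the differences."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "etc"
        (root / "init.d").mkdir(parents=True)
        (root / "issue").write_text("Nowhereville Linux 9.9\n")  # decoy banner, constructed
        (root / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")
        (root / "init.d" / "qpopper").write_text("#!/bin/sh\nexec /usr/sbin/popper\n")
        base_file = Path(tmp) / "baseline.json"
        save_baseline(build_baseline(root), base_file)

        # Simulated changes after the baseline was taken
        (root / "init.d" / "qpopper").write_text("#!/bin/sh\nexec /tmp/.x/popper\n")
        (root / "hosts.allow").write_text("ALL: ALL\n")
        (root / "issue").unlink()

        return compare(load_baseline(base_file), build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

Run it and the report lists `hosts.allow` as added, `issue` as removed and `init.d/qpopper` as modified. Recording mode and size next to the digest means a permission change on an unchanged file (for example a setuid bit appearing) is also reported, which a digest alone would miss.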

=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il