Security Incidents mailing list archives

Re: Something nasty


From: "Jay D. Dyson" <jdyson () TREACHERY NET>
Date: Wed, 6 Sep 2000 10:03:24 -0700

-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 6 Sep 2000, Adam Maloney wrote:

> I think it's rather obvious that these people are trying to save time
> nmapping the whole internet so they'd rather just have clueless sales
> droids fill out the form that I presume would ask for what type/version
> of OS, what software is installed, etc.  It would make compromising the
> box pretty easy.

        As a person much wiser than I once said, "Sufficiently advanced
stupidity is indistinguishable from malice."  With that in mind, I'd opt
more for cluelessness on the sender's part.  With the various domains I've
assisted in managing, inquiries like this are pretty common (and they
usually want *free* shell accounts).  Even so, I must admit this is the
first time I've seen such an inquiry accompanied by a URL.

        As it stands, there are a number of sites that offer loads of
information on what ISPs offer shell accounts and whatnot.  There are also
lists of Freenets (many of which offer shell accounts) that can be readily
found via Google, Yahoo and Altavista.  All of these lists can be run past
netcraft.com if the individual *truly* wanted to ID your webserver's OS
(and most enterprise-wide webservers reflect the dominant OS in a given
network).

        Judging from all the above, I'd say this is a benign "threat."  If
someone really wanted to scope out your network or OS, there are a great
many methods that could be readily employed that wouldn't so easily put
the potential intruder on your radar.

- -Jay

   (                                                              ______
   ))   .--- "There's always time for a good cup of coffee" ---.   >===<--.
 C|~~| (>-------- Jay D. Dyson -- jdyson () treachery net --------<) |   = |-'
  `--'  `-- Encrypt as if your life depends on it.  It does. --'  `-----'

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

-----END PGP SIGNATURE-----
