!!!DANGER!!!! Acute security risk! WAKE UP!!!!
carlyle.sutphen "at" db.com
Wed Feb 25 11:18:00 2004
> "William Hooper" <whooper "at" freeshell.org>
> Tue, 24 Feb 2004 10:50:46 -0500 (EST)
> > Let me echo Jack with a bit of emphasis. Look, some of you
> > are publishing the IP addresses of your routers, the make and version
> > of your routers, WHICH PORTS YOU ARE OPENING
> You can get that from a simple port scan.
A port scanner only makes educated guesses at which OS and version.
It's also an unnecessary convenience to know the IP and that
the admin is not so concerned with security. Reading lists like
this is an exercise in social engineering.
> Having actual numbers instead of aaa.aaa.aaa.aaa and bbb.bbb.bbb.bbb help
> most of the time because the person needing help assumes it doesn't matter
> and the person offering help must assume that they know what they are
> doing. If I told you that I was trying to connect to my machine behind a
> NAT device using aaa.aaa.aaa.aaa:1 you have no way of knowing if I'm
> posting the external address of the NAT device or the internal address of
> the machine.
Or one could say xxx.xxx.xxx.xxx is an external address, pingable from the
internet and iii.iii.iii.123 are internal addresses, invisible to the
internet. Agreeing on conventions encourages the learning process and
makes the actual numbers unimportant.
It is my point that not all know what they are doing and my intent to
encourage them to learn.
> > Please look into VPN and SSH. Use VNC exclusively through one of
> > these.
> That I don't disagree with.
> > Also, educate yourselves on intrusion detection. Turn up the logging
> > verbosity on your routers and check them regularly. You may well be
> > surprised to see what is going on "down there"
> At the point the NAT device is logging it, it is stopping it. I
> personally don't see much use about getting worked up about all the MS
> Windows machines spewing broadcast packets out on NetBIOS ports. Or for
> that matter all the worms trying to talk to my non-existent MSSQL server.
> Much better advice would be to check the logs of whatever Internet facing
> services you are running.
Don't get worked up, just be aware. One day it might be decided to set
up an MSSQL server and knowing its weaknesses helps in shielding it.
I was sure glad while reading my logs recently that I had my ftp daemon
configured to deny most access including root. Common sense if you are
aware of the possibility of somebody coincidentally scanning my
dynamically assigned dialup address and attempting ftp as root on it.
This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.
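An added example, not from the thread, of the kind of log review the reply above recommends: parsing an ftp daemon's login records and surfacing attempts against root and clients with repeated failures. It assumes a constructed vsftpd-style log format; the sample lines, `parse_ftp_log` and `review_logins` are mine, not the poster's.

```python
import re
from collections import Counter

# Constructed sample log in a vsftpd-style format (assumption: the post
# names neither its ftp daemon nor its log format). Addresses are
# documentation ranges, not real hosts.
SAMPLE_LOG = """\
Wed Feb 25 02:11:03 2004 [pid 4121] [root] FAIL LOGIN: Client "203.0.113.5"
Wed Feb 25 02:11:05 2004 [pid 4122] [root] FAIL LOGIN: Client "203.0.113.5"
Wed Feb 25 02:11:09 2004 [pid 4123] [admin] FAIL LOGIN: Client "203.0.113.5"
Wed Feb 25 02:11:12 2004 [pid 4124] [root] FAIL LOGIN: Client "203.0.113.5"
Wed Feb 25 08:30:41 2004 [pid 4310] [carl] OK LOGIN: Client "192.0.2.44"
Wed Feb 25 09:02:17 2004 [pid 4355] [root] FAIL LOGIN: Client "198.51.100.9"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} +\d+ [\d:]+ \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]*)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"$'
)

# Accounts that should never log in over ftp at all.
PRIVILEGED = {"root", "admin", "administrator"}


def parse_ftp_log(text):
    """Yield one dict (ts, user, result, ip) per login record; skip other lines."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()


def review_logins(text, threshold=3):
    """Return what a daily log read should surface: every attempt on a
    privileged account, and clients with `threshold` or more failures."""
    privileged_attempts = []
    failures = Counter()
    for rec in parse_ftp_log(text):
        if rec["user"] in PRIVILEGED:
            privileged_attempts.append((rec["ip"], rec["user"], rec["result"]))
        if rec["result"] == "FAIL":
            failures[rec["ip"]] += 1
    noisy = {ip: n for ip, n in failures.items() if n >= threshold}
    return {"privileged_attempts": privileged_attempts, "noisy_clients": noisy}


if __name__ == "__main__":
    report = review_logins(SAMPLE_LOG)
    for ip, user, result in report["privileged_attempts"]:
        print(f"{ip} tried '{user}': {result}")
    for ip, n in report["noisy_clients"].items():
        print(f"{ip}: {n} failed logins")
```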