Re: Re: [LIP] How to identify a Unix machine....
Nah, don't bother with running nmap, you may get caught. Just use
nslookup to list out all the domains using one of TIL's DNS servers.
Yes, they permit zone transfers from unauthorised hosts. No, they're
not the only ones -- 80% of the ISPs I tried zone transfers and other
stuff on happily gave me their IPs, their dial-up IPs, public SNMP
responses from their routers, fingers on their RASes, the works.
I guess it won't take more than an hour or so to get r00t on any of
their servers either.
Security? What's that?
/me's clue-o-meter reads below zero.
Regards,
-- Raju
>>>>> "Suresh" == Suresh Ramasubramanian <mallet@xxxxxxx> writes:
Suresh> Amarendra GODBOLE rearranged electrons thusly:
>> Please do not use REAL names, or rather REAL transcripts of
>> your FTP sessions. Might prove a major security hazard for
>> your organisation. Also, check if your company's security
>> policies allow you to represent real server names, user
>> ids, etc.
Suresh> security by obscurity in short ;) it's trivial to find
Suresh> out that tatainfotech.co.in has a host called matrix
Suresh> ... and that matrix is running an ftp server (try running
Suresh> nmap there)
Suresh> Oh btw, _don't_ run an ftp server (least of all, wu-ftpd
Suresh> from the redhat rpm) on a public IP, accessible to
Suresh> everybody. There are several nasty holes in there.
Suresh> Switch to proftpd (or better, remove ftp, telnet and
Suresh> switch to rsync and ssh)
--
Raju Mathur raju@xxxxxxxxxxxxx http://kandalaya.org/