Re: [LIG] Re: How to identify a Unix machine....

Nah, don't bother with running nmap, you may get caught.  Just use
nslookup to list out all the domains using one of TIL's DNS servers.

Yes, they permit zone transfers from unauthorised hosts.  No, they're
not the only ones -- 80% of the ISPs I tried zone transfers and other
stuff on happily gave me their IPs, their dial-up IPs, public SNMP
responses from their routers, fingers on their RASes, the works.

I guess it won't take more than an hour or so to get r00t on any of
their servers either.

Security?  What's that?

/me's clue-o-meter reads below zero.


-- Raju

>>>>> "Suresh" == Suresh Ramasubramanian <mallet@xxxxxxx> writes:

    Suresh> Amarendra GODBOLE rearranged electrons thusly:
    >> Please do not use REAL names, or rather REAL transcripts of
    >> your FTP sessions.  Might prove a major security hazard for
    >> your organisation. Also, check if your company's security
    >> policies allow you to represent real server names, user
    >> ids, etc.
    Suresh>  security by obscurity in short ;) it's trivial to find
    Suresh> out that tatainfotech.co.in has a host called matrix
    Suresh> ... and that matrix is running an ftp server (try running
    Suresh> nmap there)
    Suresh>  Oh btw, _don't_ run an ftp server (least of all, wu-ftpd
    Suresh> from the redhat rpm) on a public IP, accessible to
    Suresh> everybody.  There are several nasty holes in there.
    Suresh> Switch to proftpd (or better, remove ftp, telnet and
    Suresh> switch to rsync and ssh)
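
An added example, not part of the thread or any poster's own code: a defender-side audit of a BIND named.conf for the open zone transfers described in the reply above. The sample config, zone names and addresses are constructed, and treating a missing allow-transfer as open is an assumption (older BIND releases allow transfers from any host by default).

```python
import re

# Constructed sample named.conf; zone names and addresses are placeholders.
SAMPLE_CONF = """
options { directory "/var/named"; };   // no global allow-transfer
acl secondaries { 192.0.2.53; };
zone "example.in"  { type master; file "in.db";  allow-transfer { any; }; };  # open
zone "example.net" { type master; file "net.db"; allow-transfer { secondaries; }; };
zone "example.org" { type master; file "org.db"; };
"""

def strip_comments(text):
    """Drop /* */, // and # comments so they cannot be mistaken for statements."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def block_after(text, start):
    """Return the brace-balanced body of the first block opening at or after start."""
    i = text.index("{", start)
    depth = 0
    for j in range(i, len(text)):
        if text[j] == "{":
            depth += 1
        elif text[j] == "}":
            depth -= 1
            if depth == 0:
                return text[i + 1:j]
    raise ValueError("unbalanced braces")

def transfer_acl(body):
    """Tokens of a flat allow-transfer { ... } list, or None if the statement is absent."""
    m = re.search(r"\ballow-transfer\s*\{([^}]*)\}", body)
    return None if m is None else [t for t in re.split(r"[;\s]+", m.group(1)) if t]

def open_zones(conf):
    """List (zone, reason) for authoritative zones any host could transfer."""
    conf = strip_comments(conf)
    opts = re.search(r"\boptions\s*\{", conf)
    global_acl = transfer_acl(block_after(conf, opts.start())) if opts else None
    findings = []
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', conf):
        body = block_after(conf, m.start())
        if not re.search(r"\btype\s+(master|primary)\s*;", body):
            continue  # secondaries, forward and hint zones are out of scope here
        acl = transfer_acl(body)
        acl = global_acl if acl is None else acl  # zone setting overrides options
        if acl is None:
            findings.append((m.group(1), "no allow-transfer (assumed open)"))
        elif "any" in acl:
            findings.append((m.group(1), "allow-transfer includes any"))
    return findings
```

Call `open_zones()` on the text of the server's own named.conf; each flagged zone should get an explicit allow-transfer naming only its secondaries.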
