[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]
Re: [LIG] Re: How to identify a Unix machine....
Raju Mathur rearranged electrons thusly:
> Nah, don't bother with running nmap, you may get caught. Just use
> nslookup to list out all the domains using one of TIL's DNS servers.
> Yes, they permit zone transfers from unauthorised hosts. No, they're
not all do. and nmap also lists open ports.
> I guess it won't take more than an hour or so to get r00t on any of
> their servers either.
... using readymade rootkits, far less, I expect. Especially as the hacks to
get into default deadrat^W redhat setups are quite well documented.
_Especially_ if they have configured sendmail etc with linuxconf (and left
linuxconf open to all).
> Security? What's that?
> /me's clue-o-meter reads below zero.
If they are running such misconfigured boxes, I have rather strong suspicions
that their server logs are read by one Mr.Dave Null (aka /dev/null), most of
Suresh Ramasubramanian + mallet<@>efn.org
You spamma my mailbox, I nukea da ass