Re: [ISN] Anti-Nuke Cracker Strikes Again

From: mea culpa (jerichot_private)
Date: Sat Jul 04 1998 - 20:52:40 PDT

  • Next message: mea culpa: "Re: [ISN] ICSA employes an undercover hacker spy."

    [Moderator: As I told Jason Storm, working on a server before
     hand constitutes more than "one hour" of working on it. Just because
     you don't do all of the hacking in one sitting doesn't mean the
     time wasn't spent. I still say that hacking 300 servers, OR
     doing what they did to 300 vhosts on a single server probably
     took more than an hour. For those of you saying "who cares",
     it is a matter of media being misleading or lying in order
     to make the story more dramatic.]
    Reply From: jason storm <swopet_private>
    > [Moderator: Unfortunately I replied without reading the entire
    >  article. :)  Yes, you can change 300 vhosted sites in an hour.
    >  BUT, that brings up another mistake. Hacking a single server
    >  with 300 vhosts doesn't qualify as a "mass attack" in my eyes.]
    In point of fact, hacking 300 servers in an hour is entirely feasable.
    It would be a matter of scanning the servers before hand, say for bind and
    qpopper vulnerablity, then simply running a perl script that went down a
    list of servers, rooting each, executing a simple ftp command from each to
    get a tar archive via ncftp from a anonymous server.
    Once the archive was downloaded, the server could then be told to untar
    the archive, perform a 'find / -name index.html', and selectively replace
    each one with an altered version from the archive.
    As mentioned, if the servers were trojaned before hand this would be no
    challenge at all, and wouldnt really constitute a 'mass hack' in my eyes.
    Btw, if this was posted two months ago, Id say it wasnt realistic.  At the
    moment however, with so many distrubutions requiring vital upgrades to
    keep out even the most inept intruder, I consider this 300-hacks-per-hour
    proposal to be feasable.
    Anyone who claims such a scenario is beyond the skills of the media's
    beloved "average hacker" is woefully out of touch with the nature of net
    security as it stands.
    Jason Storm
    Admin, Negation Industries
    Subscribe: mail majordomot_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated []

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:57:54 PDT