Re: [ISN] Anti-Nuke Cracker Strikes Again

From: mea culpa (jerichot_private)
Date: Sat Jul 04 1998 - 20:52:40 PDT

Next message: mea culpa: "Re: [ISN] ICSA employes an undercover hacker spy."

Previous message: mea culpa: "Re: [ISN] Anti-Nuke Cracker Strikes Again"
Maybe in reply to: mea culpa: "[ISN] Anti-Nuke Cracker Strikes Again"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[Moderator: As I told Jason Storm, working on a server before
 hand constitutes more than "one hour" of working on it. Just because
 you don't do all of the hacking in one sitting doesn't mean the
 time wasn't spent. I still say that hacking 300 servers, OR
 doing what they did to 300 vhosts on a single server probably
 took more than an hour. For those of you saying "who cares",
 it is a matter of media being misleading or lying in order
 to make the story more dramatic.]


Reply From: jason storm <swopet_private>

> [Moderator: Unfortunately I replied without reading the entire
>  article. :)  Yes, you can change 300 vhosted sites in an hour.
>  BUT, that brings up another mistake. Hacking a single server
>  with 300 vhosts doesn't qualify as a "mass attack" in my eyes.]


In point of fact, hacking 300 servers in an hour is entirely feasable.
It would be a matter of scanning the servers before hand, say for bind and
qpopper vulnerablity, then simply running a perl script that went down a
list of servers, rooting each, executing a simple ftp command from each to
get a tar archive via ncftp from a anonymous server.

Once the archive was downloaded, the server could then be told to untar
the archive, perform a 'find / -name index.html', and selectively replace
each one with an altered version from the archive.

As mentioned, if the servers were trojaned before hand this would be no
challenge at all, and wouldnt really constitute a 'mass hack' in my eyes.

Btw, if this was posted two months ago, Id say it wasnt realistic.  At the
moment however, with so many distrubutions requiring vital upgrades to
keep out even the most inept intruder, I consider this 300-hacks-per-hour
proposal to be feasable.

Anyone who claims such a scenario is beyond the skills of the media's
beloved "average hacker" is woefully out of touch with the nature of net
security as it stands.

Jason Storm
Admin, Negation Industries


-o-
Subscribe: mail majordomot_private with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]

Next message: mea culpa: "Re: [ISN] ICSA employes an undercover hacker spy."
Previous message: mea culpa: "Re: [ISN] Anti-Nuke Cracker Strikes Again"
Maybe in reply to: mea culpa: "[ISN] Anti-Nuke Cracker Strikes Again"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:57:54 PDT