You're very correct. Also why when we generate logs of 60,000 IPs, they don't get distributed to too many people.

Jimmy

> -----Original Message-----
> From: Jimmy Sadri [SMTP:jimmys@private]
> Sent: Thursday, August 02, 2001 2:22 PM
> To: 'crime@private'
> Subject: Hacker Delight
>
> As I was sitting here filtering out all the "Code Red" hits on my IDSs
> and firewalls a thought occurred to me... This could be a hacker's
> delight... in the sense that all a hacker has to do is sit back and wait
> for the "Code Red" hits to show up in his logs. He then has a potential
> list of targets which are known to be vulnerable. No searching
> required. Using the code provided by that Japanese dude "Speed
> Junkie" they could easily go through on each of these boxes as they appear
> in the logs. The user will assume (if they ever figure it out) that it
> was just the "Code Red" worm... But my point all these boxes infected by
> the are simply beacons saying "Come hack me! and here's my IP so you don't
> have to search for me"
>
> Hmmmm hope for everyone's (everyone meaning IIS users) sake that I am the
> only one to think of this.
>
> =======================================================
> Jimmy Sadri jimmys@private
> Network Engineer/ jimmys@private
> Security Consultant
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:24:05 PDT