CRIME Netcraft Ethics

From: Jimmy S. (jimmys@private)
Date: Thu Jun 20 2002 - 19:38:49 PDT


    Hi all,
    
        I would like to pose a question.  Does anyone else have a problem with
    Netcraft sweeping the web looking for servers vulnerable to the latest IIS
    buffer overflow?  Now I know that they are a company that compiles
    statistics on internet usage, but still, the idea of them having a huge
    database of IP addresses of vulnerable IIS servers reminds me of the purpose
    of most rootkits once they are installed, which is to scan other servers
    looking for vulnerable IPs.  Maybe I'm too paranoid or off base here, but
    with the proper reverse DNS I can become a Netcraft scanning agent myself.
    If we are going to rely on reverse DNS to tell who is OK and who isn't, then
    we will obviously get some with maliciously configured reverse DNS.
    
    Below is the hit I received in my web server log:
    
    22:20:13 195.92.95.61 - 80 GET /nonexistent.htr - 500 2148007941 471 161 90550 HTTP/1.0 www.myesn.com Mozilla/4.0+(compatible;+Netcraft+Webserver+Survey) - http://www.netcraft.com/Survey/
    
    
    Is anyone else ok with this practice?
    
    ================================================
    Jimmy Sadri  CISSP                                             jimmys@private
    Systems Administrator/Webmaster                  webmaster@private
    Network Engineer/Security Consultant                      Myesn.com
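
Added example, not part of the original post: a log check that does not trust reverse DNS alone. It parses the hit quoted above and accepts the Netcraft claim only when the PTR name also resolves forward to the same address. The field order, the function names and the injectable `ptr`/`forward` lookups are assumptions made for this example.

```python
import socket

# The hit quoted in the post. Field order below is an assumption: the post
# does not include the log's "#Fields:" header.
SAMPLE_HIT = ("22:20:13 195.92.95.61 - 80 GET /nonexistent.htr - 500 2148007941 "
              "471 161 90550 HTTP/1.0 www.myesn.com "
              "Mozilla/4.0+(compatible;+Netcraft+Webserver+Survey) - "
              "http://www.netcraft.com/Survey/")
FIELDS = ("time c-ip cs-username s-port cs-method cs-uri-stem cs-uri-query "
          "sc-status sc-win32-status sc-bytes cs-bytes time-taken cs-version "
          "cs-host cs(User-Agent) cs(Cookie) cs(Referer)").split()

def parse_hit(line):
    """Split one space-delimited log entry into a dict keyed by FIELDS."""
    values = line.split()
    if len(values) != len(FIELDS):
        raise ValueError("unexpected field count: %d" % len(values))
    return dict(zip(FIELDS, values))

def system_ptr(ip):
    """Reverse (PTR) lookup via the system resolver; None if there is none."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(name):
    """Forward (A) lookup via the system resolver; empty set on failure."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()

def classify(hit, domain="netcraft.com", ptr=system_ptr, forward=system_forward):
    """Return unclaimed, no-ptr, ptr-mismatch, spoofed-ptr or confirmed."""
    if "netcraft" not in hit["cs(User-Agent)"].lower():
        return "unclaimed"            # hit does not claim to be the survey
    name = ptr(hit["c-ip"])
    if not name:
        return "no-ptr"
    name = name.rstrip(".").lower()
    if name != domain and not name.endswith("." + domain):
        return "ptr-mismatch"
    # The PTR record is set by whoever controls the address's reverse zone.
    # Only the forward record, held by the domain owner, can confirm it.
    return "confirmed" if hit["c-ip"] in forward(name) else "spoofed-ptr"
```

Called as `classify(parse_hit(line))` it uses the system resolver; passing `ptr` and `forward` lets the same logic run against recorded or constructed DNS data.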
    



    This archive was generated by hypermail 2b30 : Thu Jun 20 2002 - 20:53:41 PDT