Re: CRIME Netcraft Ethics

From: brvarin@private
Date: Fri Jun 21 2002 - 07:19:13 PDT

    I'm fine with it. They aren't searching your box specifically to find out
    if you have a vulnerable machine, they are compiling stats on who runs
    what. If you don't like it, you can always remove header information and
    patch your machine. Does anyone have a problem with my IDS supplying me
    with a giant list of vulnerable IIS servers? With IIS, you don't need to
    scan to find vulnerable machines...they will come to you.

    From: "Jimmy S." <jimmys@private>@cs.pdx.edu on 06/20/2002 07:38 PM
    Sent by:  owner-crime@private
    To:   <crime@private>
    Subject:  CRIME Netcraft Ethics

    Hi all,
    
       I would like to pose a question.  Does anyone else have a problem with
    Netcraft sweeping the web looking for servers vulnerable to the latest IIS
    buffer overflow?   Now I know that they are a company that compiles
    statistics on internet usage but still, the idea of them having a huge
    database of IP addresses of vulnerable IIS servers reminds me of the
    purpose of most root kits once they are installed, which is to scan other
    servers looking for vulnerable IPs.  Maybe I'm too paranoid or off base
    here but with the proper reverse DNS I can become a Netcraft scanning
    agent myself.  If we are going to rely on reverse DNS to tell who is ok
    and who isn't then we will obviously get some with maliciously configured
    reverse DNS.
    
    Below is the hit I received in my web server log:
    
    22:20:13 195.92.95.61 - 80 GET /nonexistent.htr - 500 2148007941 471 161 90550 HTTP/1.0 www.myesn.com Mozilla/4.0+(compatible;+Netcraft+Webserver+Survey) - http://www.netcraft.com/Survey/
    
    
    Is anyone else ok with this practice?
    
    ================================================
    Jimmy Sadri  CISSP
    jimmys@private
    Systems Administrator/Webmaster                  webmaster@private
    Network Engineer/Security Consultant                      Myesn.com
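
The reverse-DNS concern raised in the quoted message, as an added example that is not part of the original thread: a forward-confirmed reverse DNS check run over web log lines, so that a PTR record alone never marks a client as a known survey crawler. The suffix `.crawler.example`, the `Example+Survey` marker, the documentation-range addresses and the lookup tables are constructed; the client IP is assumed to be the second field, as in the log line above.

```python
import socket

TRUSTED_SUFFIX = ".crawler.example"  # assumption: suffix the operator publishes

def system_ptr(ip):
    """PTR lookup via the system resolver; None when no record exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_addrs(host):
    """Forward lookup via the system resolver; set of addresses."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(host, None)}
    except OSError:
        return set()

def classify(ip, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """The PTR name must sit under the trusted suffix AND resolve back to the
    same IP. Whoever controls the reverse zone of an address sets its PTR,
    so the PTR on its own proves nothing about who is scanning."""
    name = ptr_lookup(ip)
    if not name:
        return "no-ptr"
    name = name.rstrip(".").lower()
    if not name.endswith(TRUSTED_SUFFIX):
        return "other-host"
    return "confirmed" if ip in addr_lookup(name) else "spoofed-ptr"

def audit(log_lines, marker, **lookups):
    """Map client IP -> verdict for requests whose line contains marker."""
    verdicts = {}
    for line in log_lines:
        fields = line.split()
        if len(fields) > 1 and marker in line:
            verdicts[fields[1]] = classify(fields[1], **lookups)
    return verdicts

# Constructed sample data so the check runs offline.
UA = "Mozilla/4.0+(compatible;+Example+Survey)"
SAMPLE_LOG = [f"22:20:1{i} {ip} - 80 GET /index.htm - 200 HTTP/1.0 {ua}"
              for i, (ip, ua) in enumerate([("192.0.2.10", UA), ("198.51.100.7", UA),
                                            ("203.0.113.5", UA), ("192.0.2.99", "Mozilla/4.0")])]
PTR = {"192.0.2.10": "a1.crawler.example", "198.51.100.7": "a2.crawler.example."}
FWD = {"a1.crawler.example": {"192.0.2.10"}}  # a2 has no matching forward record

def demo():
    return audit(SAMPLE_LOG, "Example+Survey", ptr_lookup=PTR.get,
                 addr_lookup=lambda host: FWD.get(host, set()))
```

Calling `audit` without the lookup arguments uses the system resolver instead of the constructed tables.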
    



    This archive was generated by hypermail 2b30 : Fri Jun 21 2002 - 09:03:52 PDT