RE: CRIME Netcraft Ethics

From: Quinby, Kris (MED) (kris.quinby@private)
Date: Fri Jun 21 2002 - 11:08:01 PDT

Next message: Brent Tucker: "RE: CRIME Study: Open, closed source equally secure"

Previous message: Tom Tintera: "RE: CRIME EarthLink Password Security Story"
Maybe in reply to: Jimmy S.: "CRIME Netcraft Ethics"
Next in thread: Crispin Cowan: "Re: CRIME Netcraft Ethics"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I will agree with Brian in that Netcraft is not send requests that would
determine whether or not an IIS web server is vulnerable to a specific
exploit.  They are rather hitting as many web sites as possible to see
how many of what vendors web servers are being used.

___________________________________________

Kris Quinby, CISSP
Systems Engineer - Data Center Operations
GE Medical Systems Information Technologies
Email: kris.quinby@private
Phone: 503-531-7190
Fax: 503-531-7003
  

-----Original Message-----
From: brvarin@private [mailto:brvarin@private]
Sent: Friday, June 21, 2002 7:19 AM
To: crime@private
Subject: Re: CRIME Netcraft Ethics


I'm fine with it. They aren't searching your box specifically to find
out
if you have a vulnerable machine, they are compiling stats on who runs
what. If you don't like it, you can always remove header information and
patch your machine. Does anyone have a problem with my IDS supplying me
with a giant list of vulnerable IIS servers? With IIS, you don't need to
scan to find vulnerable machines...they will come to you.






From: "Jimmy S." <jimmys@private>@cs.pdx.edu on 06/20/2002 07:38 PM

Sent by:  owner-crime@private



To:   <crime@private>
cc:
bcc:


Subject:  CRIME Netcraft Ethics


Hi all,

   I would like to pose a question?  Does anyone else have a problem
with
Netcraft sweeping the web looking vulnerable servers to latest IIS
buffer
overflow?   Now I know that they are company that compiles statistics on
internet usage but still, the idea of them having a huge database of IP
addresses
of vulnerable IIS servers reminds me of the purpose of most root kits
once
they
are installed.  Which is to scan other servers looking for vulnerable
IP's.
Maybe I'm too
paranoid or off base here but with the proper reverse DNS I can become
an
netcraft
scanning agent myself.  If we are going to rely on reverse DNS to tell
who
is ok
and
who isn't then we will obviously get some with maliciously configured
reverse
DNS.

Below is the hit I received in my web server log:

22:20:13 195.92.95.61 - 80 GET /nonexistent.htr - 500 2148007941 471 161
90550
HTTP/1.0 www.myesn.com
Mozilla/4.0+(compatible;+Netcraft+Webserver+Survey)
-
http://www.netcraft.com/Survey/


Is anyone else ok with this practice?

================================================
Jimmy Sadri  CISSP
jimmys@private
Systems Administrator/Webmaster                  webmaster@private
Network Engineer/Security Consultant                      Myesn.com

Next message: Brent Tucker: "RE: CRIME Study: Open, closed source equally secure"
Previous message: Tom Tintera: "RE: CRIME EarthLink Password Security Story"
Maybe in reply to: Jimmy S.: "CRIME Netcraft Ethics"
Next in thread: Crispin Cowan: "Re: CRIME Netcraft Ethics"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jun 21 2002 - 11:45:29 PDT