On Fri, 2002-06-21 at 07:19, brvarin@private wrote:
> I'm fine with it. They aren't searching your box specifically to find out
> if you have a vulnerable machine, they are compiling stats on who runs
> what. If you don't like it, you can always remove header information and
> patch your machine.

This is an assumption that is basically wrong. Try it with various versions of IIS. Even with Apache I had to edit the binary (Yes, I know I can recompile it, but editing a binary gives you so much more of a rush). Apache 2.0 supposedly allows this to be fixed; I have not tested.

> Does anyone have a problem with my IDS supplying me
> with a giant list of vulnerable IIS servers? With IIS, you don't need to
> scan to find vulnerable machines...they will come to you.
>
> From: "Jimmy S." <jimmys@private>@cs.pdx.edu on 06/20/2002 07:38 PM
>
> Sent by: owner-crime@private
>
> To: <crime@private>
> cc:
> bcc:
>
> Subject: CRIME Netcraft Ethics
>
> Hi all,
>
> I would like to pose a question. Does anyone else have a problem with
> Netcraft sweeping the web looking for servers vulnerable to the latest
> IIS buffer overflow? Now I know that they are a company that compiles
> statistics on internet usage but still, the idea of them having a huge
> database of IP addresses of vulnerable IIS servers reminds me of the
> purpose of most root kits once they are installed, which is to scan
> other servers looking for vulnerable IPs. Maybe I'm too paranoid or off
> base here, but with the proper reverse DNS I can become a Netcraft
> scanning agent myself. If we are going to rely on reverse DNS to tell
> who is ok and who isn't, then we will obviously get some with
> maliciously configured reverse DNS.
>
> Below is the hit I received in my web server log:
>
> 22:20:13 195.92.95.61 - 80 GET /nonexistent.htr - 500 2148007941 471 161 90550 HTTP/1.0 www.myesn.com Mozilla/4.0+(compatible;+Netcraft+Webserver+Survey) - http://www.netcraft.com/Survey/
>
> Is anyone else ok with this practice?
>
> ================================================
> Jimmy Sadri CISSP
> jimmys@private
> Systems Administrator/Webmaster webmaster@private
> Network Engineer/Security Consultant Myesn.com

--
Zot O'Connor
http://www.ZotConsulting.com
http://www.WhiteKnightHackers.com
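
Added example, not part of the original thread or any poster's code: a log triage check for the reverse-DNS concern raised above, which accepts a "Netcraft" User-Agent claim only when the client's PTR name also resolves forward to the same address. The DNS tables and 192.0.2.x addresses are constructed, the field positions are read off the sample hit, and the netcraft.com suffix is an assumption taken from the URL in that hit.

```python
# Constructed DNS data for this demo (documentation addresses, not real records).
PTR = {
    "192.0.2.10": "survey1.netcraft.com.",       # PTR and A records agree
    "192.0.2.66": "crawler.netcraft.com.",       # PTR set by whoever owns the IP block
    "192.0.2.99": "netcraft.com.evil.example.",  # look-alike name
}
A = {
    "survey1.netcraft.com.": {"192.0.2.10"},
    "netcraft.com.evil.example.": {"192.0.2.99"},
}   # crawler.netcraft.com. has no A record in the zone it claims to belong to

UA = "Mozilla/4.0+(compatible;+Netcraft+Webserver+Survey)"
LINE = ("22:20:13 {ip} - 80 GET /nonexistent.htr - 500 2148007941 471 161 "
        "90550 HTTP/1.0 www.myesn.com {ua} - http://www.netcraft.com/Survey/")

def parse_hit(line):
    """Return (client_ip, user_agent); positions assumed from the sample hit."""
    f = line.split()
    return f[1], f[14]

def fcrdns_ok(ip, suffix, ptr_lookup, a_lookup):
    """Forward-confirmed reverse DNS: the PTR name must sit under suffix AND
    resolve forward to the same IP. A PTR record alone proves nothing."""
    name = ptr_lookup(ip)
    if not name:
        return False
    host = name.rstrip(".").lower()
    if host != suffix and not host.endswith("." + suffix):
        return False
    return ip in a_lookup(name)

def classify(line, ptr_lookup, a_lookup, suffix="netcraft.com"):
    ip, ua = parse_hit(line)
    if "Netcraft" not in ua:
        return "no-claim"
    ok = fcrdns_ok(ip, suffix, ptr_lookup, a_lookup)
    return "verified" if ok else "spoofed-claim"

def demo():
    # Offline resolvers; with live DNS use socket.gethostbyaddr / socket.getaddrinfo.
    ptr, fwd = PTR.get, lambda n: A.get(n, set())
    return {ip: classify(LINE.format(ip=ip, ua=UA), ptr, fwd) for ip in PTR}

if __name__ == "__main__":
    for ip, verdict in demo().items():
        print(ip, verdict)
```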
This archive was generated by hypermail 2b30 : Sun Jun 23 2002 - 04:38:30 PDT