Re: CRIME Netcraft Ethics

From: Zot O'Connor (zot@private)
Date: Sun Jun 23 2002 - 03:14:40 PDT

Next message: Alan: "Re: CRIME Netcraft Ethics"

Previous message: Zot O'Connor: "Re: CRIME EarthLink Password Security Story"
In reply to: brvarin@private: "Re: CRIME Netcraft Ethics"
Next in thread: Quinby, Kris (MED): "RE: CRIME Netcraft Ethics"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 2002-06-21 at 07:19, brvarin@private wrote:
> I'm fine with it. They aren't searching your box specifically to find out
> if you have a vulnerable machine, they are compiling stats on who runs
> what. If you don't like it, you can always remove header information and
> patch your machine. 

This is an assumption that is basically wrong.  Try it with varous
version of IIS.  Even apache I had to edit the binary (Yes I know I can
recompile it, but editing a binary gives you so much more of a rush).

Apache 2.0 supposedly allows this to be fixed, I have not tested.



Does anyone have a problem with my IDS supplying me
> with a giant list of vulnerable IIS servers? With IIS, you don't need to
> scan to find vulnerable machines...they will come to you.
> 
> 
> 
> 
> 
> 
> From: "Jimmy S." <jimmys@private>@cs.pdx.edu on 06/20/2002 07:38 PM
> 
> Sent by:  owner-crime@private
> 
> 
> 
> To:   <crime@private>
> cc:
> bcc:
> 
> 
> Subject:  CRIME Netcraft Ethics
> 
> 
> Hi all,
> 
>    I would like to pose a question?  Does anyone else have a problem with
> Netcraft sweeping the web looking vulnerable servers to latest IIS buffer
> overflow?   Now I know that they are company that compiles statistics on
> internet usage but still, the idea of them having a huge database of IP
> addresses
> of vulnerable IIS servers reminds me of the purpose of most root kits once
> they
> are installed.  Which is to scan other servers looking for vulnerable IP's.
> Maybe I'm too
> paranoid or off base here but with the proper reverse DNS I can become an
> netcraft
> scanning agent myself.  If we are going to rely on reverse DNS to tell who
> is ok
> and
> who isn't then we will obviously get some with maliciously configured
> reverse
> DNS.
> 
> Below is the hit I received in my web server log:
> 
> 22:20:13 195.92.95.61 - 80 GET /nonexistent.htr - 500 2148007941 471 161
> 90550
> HTTP/1.0 www.myesn.com Mozilla/4.0+(compatible;+Netcraft+Webserver+Survey)
> -
> http://www.netcraft.com/Survey/
> 
> 
> Is anyone else ok with this practice?
> 
> ================================================
> Jimmy Sadri  CISSP
> jimmys@private
> Systems Administrator/Webmaster                  webmaster@private
> Network Engineer/Security Consultant                      Myesn.com
> 
> 
> 
> 
-- 
Zot O'Connor

http://www.ZotConsulting.com
http://www.WhiteKnightHackers.com

Next message: Alan: "Re: CRIME Netcraft Ethics"
Previous message: Zot O'Connor: "Re: CRIME EarthLink Password Security Story"
In reply to: brvarin@private: "Re: CRIME Netcraft Ethics"
Next in thread: Quinby, Kris (MED): "RE: CRIME Netcraft Ethics"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun Jun 23 2002 - 04:38:30 PDT