[Techtalk] Server was broken into ... what good tools are there to probe vulnerabilities?
Raven, corporate courtesan
raven at oneeyedcrow.net
Wed Nov 21 16:30:35 EST 2001
Quoth Michael Carson (Wed, Nov 21, 2001 at 02:44:01PM -0500):
> The real pros aren't after a defacement, most of the time, and
> increasingly, neither are the script kiddies. They may be using you as
> a launch point for attacks against another system, as a file repository,
> as a place to run a chat or game server, as a launch point for DDoS
> attacks, or even as one way to get more CPU time for SETI at Home.
Yah. In the last few months, I chased a blackhat (or several
working together) through nine Unix boxes. They only did something
obvious one time out of the nine. More often they're happier if you
don't notice they're there, so they can use the box for their own
purposes. And putting up a big splashy defacement is a surefire way to
let you know they're there.
If you're interested in this sort of thing, I would highly
recommmend checking out the Honeynet Project
(http://project.honeynet.org). Fascinating stuff, and you can really
get a good sense of what the bad guys out there are doing day to day,
and sometimes even of why.
"Get paranoid, Riff! Get real paranoid, Riff!"
-- call lines from the Rocky Horror Picture Show
More information about the Techtalk