[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Is this coincidence or what - FTP Scans
- Subject: Re: [cobalt-security] Is this coincidence or what - FTP Scans
- From: "Steve Werby" <steve-lists@xxxxxxxxxxxx>
- Date: Wed, 17 Oct 2001 11:06:23 -0400
- Organization: Befriend Internet Services LLC
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
"Ed Morgan" <excalde@xxxxxxx> wrote:
> >No, they just connect then disconnect without attempting to log in.
> >I get them, dip.t-dialin.net and alot of mindspring all the time also.
>
> Is it possible that the person or persons making these attempts, do so as
a
> result of being on this list. I have noticed most users have addresses
that
> connect directly to their company, which would require little or no work
to
> find a vulnerable server. Since this is a specific server mailing list,
open
> to the public, it would be simply to gain enough information and targets
by
> simply reading the archives of the list. While I don't wish to cause any
> undue panic, I am just wondering if it is something we all should
consider.
Ed,
That's definitely possible and it certainly happens some, but I bet that's a
drop in the bucket compared to the automated intrusion attempts. After all,
most hackers are lazy. It seems most wouldn't prefer to scan a list and
read emails and manually over letting an automated program check many
machines for vulnerabilities and report back its findings so the hacker can
take action. I'd personally be more worried that someone at your server's
data center could sniff packets sent to your server, grab your login info
and get in...or pull the drive out and copy it..or reset the admin password.
Once you have physical access to a drive it's trivial to access anything on
the drive.
Just my 2 cents.
--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/