
RE: [cobalt-security] Is this coincidence or what - FTP Scans

Steve Werby wrote:

> I'd personally be more worried that someone at your server's
> data center could sniff packets sent to your server, grab 
> your login info and get in...or pull the drive out and copy
> it..or reset the admin password.
> Once you have physical access to a drive it's trivial to 
> access anything on the drive.

ISTR saying this before... may have been a different list. My job involves
looking after two disparate networks with several thousand machines on them.
Sure, I could sniff the traffic and use someone's login info to get in, or
even go as far as physically removing a drive, but what would that get me? A
bunch of web pages? Some jokes by email? Even more spam than I already see
every day? No thanks.

One of the reasons that you guys (people running webservers and the like)
pay us (colocation or server leasing companies) is that we are staffed by
*professionals*. Professional behaviour in a job like this means precisely
NOT taking advantage of the power under your fingertips unless you do it to
prevent disruption of normal operations.

You'll find that pretty much all major data centre installations have the
capability to sniff all traffic at their site boundaries, simply because it
allows them to safeguard their customers' machines and data. Personally (and
I can only speak from my perspective here) if someone in a position of that
much power was to abuse it, they would quickly be caught and would probably
find it very difficult to gain employment in the field again.

I think you'll also find that abusing any sort of data sniffing capability
for personal gain would probably fall under (in the UK at least) the Data
Protection Act, but more probably the Misuse of Computers Act; if it wasn't
simply defined as theft.

That's why we (well, I!) don't do it. We do our jobs, what lives on your
server is not remotely interesting. Sorry to put it like that, but it's the
easiest way for me to look at it!

<coming back on-topic>

Regarding the correlation between addresses on this list and servers being
'hit' - in whatever way - I think that it's deeply unlikely that there's any
great relationship between the two, so I agree with Steven. Most crackers do
things in an automated fashion and then read the results when they're next
at their terminal. Let's face it, a kiddie (and most of them are) is
definitely not gonna trawl through the Cobalt archives, are they? You'd get
bored pretty quickly if you did!
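The sniffing concern raised earlier in the thread is easy to demonstrate: the FTP control channel (RFC 959) sends USER and PASS in cleartext, so anyone able to see the packets at the site boundary can recover the login with a few lines of parsing. The following is an added example, not code from the original post or from anyone on the list. It works on a constructed, tcpdump-style text rendering of FTP control-channel lines (the `src > dst payload` layout is an assumption made for the example, not a real capture), and it also shows the one case where the password is not recoverable: a session that negotiates `AUTH TLS` (RFC 4217) before sending PASS, after which the channel is encrypted.

```python
import re
from collections import defaultdict

# Constructed sample of what a passive sniffer might see of two FTP control
# channels. This is NOT a real capture; addresses are from the documentation
# range (RFC 5737). Session 1 logs in in cleartext, session 2 upgrades to TLS
# before authenticating, so its credentials never appear on the wire.
SAMPLE_CAPTURE = """\
192.0.2.10:51234 > 192.0.2.20:21  USER webadmin
192.0.2.20:21 > 192.0.2.10:51234  331 Password required for webadmin
192.0.2.10:51234 > 192.0.2.20:21  PASS s3cret-example
192.0.2.20:21 > 192.0.2.10:51234  230 User webadmin logged in
192.0.2.10:51234 > 192.0.2.20:21  PWD
192.0.2.30:40001 > 192.0.2.20:21  AUTH TLS
192.0.2.20:21 > 192.0.2.30:40001  234 Proceed with negotiation
192.0.2.30:40001 > 192.0.2.20:21  <encrypted TLS record>
192.0.2.20:21 > 192.0.2.30:40001  <encrypted TLS record>
"""

# One rendered line: "<src ip:port> > <dst ip:port>  <control-channel payload>"
LINE_RE = re.compile(
    r"^(?P<src>\d+\.\d+\.\d+\.\d+:\d+) > (?P<dst>\d+\.\d+\.\d+\.\d+:\d+)\s+(?P<payload>.*)$"
)


def extract_ftp_logins(capture):
    """Return a list of {server, user, password} dicts recovered from cleartext
    FTP control-channel traffic.

    Sessions are keyed by (client, server) endpoint pair. A session that sends
    AUTH TLS and receives a 234 reply is marked encrypted and ignored from then
    on, because everything after that reply is TLS ciphertext.
    """
    sessions = defaultdict(lambda: {"user": None, "tls": False, "awaiting_tls": False})
    found = []

    for raw in capture.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # not a rendered packet line
        src, dst, payload = m.group("src"), m.group("dst"), m.group("payload").strip()

        if dst.endswith(":21"):
            # Client -> server command.
            state = sessions[(src, dst)]
            if state["tls"]:
                continue  # channel already encrypted, nothing readable here
            cmd, _, arg = payload.partition(" ")
            cmd = cmd.upper()
            if cmd == "AUTH" and arg.upper() in ("TLS", "SSL"):
                state["awaiting_tls"] = True
            elif cmd == "USER":
                state["user"] = arg
            elif cmd == "PASS" and state["user"] is not None:
                found.append({"server": dst, "user": state["user"], "password": arg})
                state["user"] = None  # reset so a re-login is captured separately

        elif src.endswith(":21"):
            # Server -> client reply; only the AUTH TLS outcome matters here.
            state = sessions[(dst, src)]
            if state["awaiting_tls"] and payload.startswith("234"):
                state["tls"] = True
            state["awaiting_tls"] = False

    return found


if __name__ == "__main__":
    for login in extract_ftp_logins(SAMPLE_CAPTURE):
        print(f"{login['server']}  user={login['user']}  password={login['password']}")
```

Run against the sample it recovers exactly one login (the cleartext session) and nothing from the TLS session, which is the practical lesson for anyone colocating a server: the defence against a sniffer at the data centre boundary is not trusting the staff but removing cleartext logins (FTPS or SFTP instead of plain FTP, SSH instead of telnet) so there is nothing for them to read.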
